If accessible without authentication, lvappl.htm can expose:
Google has weakened search operators over the years (deprecating inurl combinations with punctuation). However, the inurl:lvapplhtm link dork still works on: inurl lvapplhtm link
A NAS is not an isolated asset. If compromised, it provides: If accessible without authentication, lvappl
Many legacy Buffalo devices shipped with a hidden backdoor account. Some firmware versions contained hardcoded credentials like root: (blank) or admin:password. A quick search on Exploit-DB reveals multiple Buffalo-specific exploits tied directly to the lvappl interface. For example:
http://[target]/cgi-bin/lvappl
A famous vulnerability in Buffalo LinkStation Pro/Live allows attackers to use ../../ sequences in the URL to read arbitrary files. For example:
http://[target]/cgi-bin/lvappl.cgi?path=../../../../etc/passwd
If lvappl.htm is visible, the CGI scripts handling it are likely vulnerable.
Open your browser and navigate to Google. Type:
allinurl:lvappl.htm link
(Using allinurl is sometimes more efficient than inurl alone.)