Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for wsr-2533dhp2_firmware by buffalo
CVE-2024-26023 (GCVE-0-2024-26023)
Vulnerability from nvd – Published: 2024-04-15 10:51 – Updated: 2024-08-01 23:59
VLAI?
Summary
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.
Severity ?
4.2 (Medium)
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WCR-1166DS |
Affected:
firmware Ver. 1.32 and earlier
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:buffalo_inc:wcr_1166ds:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcr_1166ds",
"vendor": "buffalo_inc",
"versions": [
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T16:06:58.717753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T16:10:17.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:31.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WCR-1166DS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.32 and earlier"
}
]
},
{
"product": "WSR-1166DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.14 and earlier"
}
]
},
{
"product": "WSR-1166DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.14 and earlier"
}
]
},
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T10:51:04.093Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-26023",
"datePublished": "2024-04-15T10:51:04.093Z",
"dateReserved": "2024-03-19T02:22:43.480Z",
"dateUpdated": "2024-08-01T23:59:31.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23486 (GCVE-0-2024-23486)
Vulnerability from nvd – Published: 2024-04-15 10:50 – Updated: 2025-03-18 20:05
VLAI?
Summary
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
Severity ?
9.8 (Critical)
CWE
- Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WSR-2533DHP |
Affected:
firmware Ver. 1.06 and earlier
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:buffalo_inc:wsr-2533dhp2:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsr-2533dhp2",
"vendor": "buffalo_inc",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:buffalo_inc:a2533dhp2:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a2533dhp2",
"vendor": "buffalo_inc",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:buffalo:a2533dhp2:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a2533dhp2",
"vendor": "buffalo",
"versions": [
{
"lessThan": "1,06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:buffalo:wsr-2533dhpl:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsr-2533dhpl",
"vendor": "buffalo",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T20:26:00.951617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:05:21.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:24.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product\u0027s login page may obtain configured credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Plaintext Storage of a Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T10:50:01.778Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23486",
"datePublished": "2024-04-15T10:50:01.778Z",
"dateReserved": "2024-03-19T02:22:42.654Z",
"dateUpdated": "2025-03-18T20:05:21.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43486 (GCVE-0-2022-43486)
Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:34
VLAI?
Summary
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
Severity ?
6.8 (Medium)
CWE
- Hidden Functionality
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WXR-5700AX7S |
Affected:
firmware Ver. 1.27 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:33:03.714783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:34:25.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WXR-5700AX7S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WXR-5700AX7B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WSR-3200AX4S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-3200AX4B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.25"
}
]
},
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-A2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHPL2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.03 and earlier"
}
]
},
{
"product": "WSR-2533DHPLS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.07 and earlier"
}
]
},
{
"product": "WSR-2533DHPLB",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.05"
}
]
},
{
"product": "WCR-1166DS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.34 and earlier"
}
]
},
{
"product": "WEX-1800AX4",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
},
{
"product": "WEX-1800AX4EA",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T06:44:41.723Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43486",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:34:25.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43466 (GCVE-0-2022-43466)
Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:36
VLAI?
Summary
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
Severity ?
6.8 (Medium)
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WXR-5700AX7S |
Affected:
firmware Ver. 1.27 and earlier
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:35:11.748523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:36:40.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WXR-5700AX7S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WXR-5700AX7B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WSR-3200AX4S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-3200AX4B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.25"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-A2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-2533DHPL2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.03 and earlier"
}
]
},
{
"product": "WSR-2533DHPLS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.07 and earlier"
}
]
},
{
"product": "WSR-2533DHPLB",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.05"
}
]
},
{
"product": "WEX-1800AX4",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
},
{
"product": "WEX-1800AX4EA",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T06:43:10.641Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43466",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:36:40.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43443 (GCVE-0-2022-43443)
Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:54
VLAI?
Summary
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
Severity ?
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WXR-11000XE12 |
Affected:
firmware Ver. 1.10 and earlier
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:54:16.464697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:54:48.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WXR-11000XE12",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
},
{
"product": "WXR-5700AX7S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WXR-5700AX7B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WSR-3200AX4S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-3200AX4B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.25"
}
]
},
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-A2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHPL2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.03 and earlier"
}
]
},
{
"product": "WSR-2533DHPLS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.07 and earlier"
}
]
},
{
"product": "WSR-2533DHPLB",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.05"
}
]
},
{
"product": "WSR-1166DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.16 and earlier"
}
]
},
{
"product": "WSR-1166DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.17 and earlier"
}
]
},
{
"product": "WCR-1166DS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.34 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T06:43:57.911Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43443",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:54:48.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26023 (GCVE-0-2024-26023)
Vulnerability from cvelistv5 – Published: 2024-04-15 10:51 – Updated: 2024-08-01 23:59
VLAI?
Summary
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.
Severity ?
4.2 (Medium)
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WCR-1166DS |
Affected:
firmware Ver. 1.32 and earlier
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:buffalo_inc:wcr_1166ds:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcr_1166ds",
"vendor": "buffalo_inc",
"versions": [
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T16:06:58.717753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T16:10:17.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:31.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WCR-1166DS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.32 and earlier"
}
]
},
{
"product": "WSR-1166DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.14 and earlier"
}
]
},
{
"product": "WSR-1166DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.14 and earlier"
}
]
},
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T10:51:04.093Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-26023",
"datePublished": "2024-04-15T10:51:04.093Z",
"dateReserved": "2024-03-19T02:22:43.480Z",
"dateUpdated": "2024-08-01T23:59:31.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23486 (GCVE-0-2024-23486)
Vulnerability from cvelistv5 – Published: 2024-04-15 10:50 – Updated: 2025-03-18 20:05
VLAI?
Summary
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
Severity ?
9.8 (Critical)
CWE
- Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WSR-2533DHP |
Affected:
firmware Ver. 1.06 and earlier
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:buffalo_inc:wsr-2533dhp2:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsr-2533dhp2",
"vendor": "buffalo_inc",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:buffalo_inc:a2533dhp2:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a2533dhp2",
"vendor": "buffalo_inc",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:buffalo:a2533dhp2:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a2533dhp2",
"vendor": "buffalo",
"versions": [
{
"lessThan": "1,06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:buffalo:wsr-2533dhpl:1.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsr-2533dhpl",
"vendor": "buffalo",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T20:26:00.951617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:05:21.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:24.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.06 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product\u0027s login page may obtain configured credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Plaintext Storage of a Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T10:50:01.778Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240410-01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN58236836/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23486",
"datePublished": "2024-04-15T10:50:01.778Z",
"dateReserved": "2024-03-19T02:22:42.654Z",
"dateUpdated": "2025-03-18T20:05:21.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43466 (GCVE-0-2022-43466)
Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:36
VLAI?
Summary
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
Severity ?
6.8 (Medium)
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WXR-5700AX7S |
Affected:
firmware Ver. 1.27 and earlier
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:35:11.748523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:36:40.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WXR-5700AX7S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WXR-5700AX7B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WSR-3200AX4S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-3200AX4B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.25"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-A2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-2533DHPL2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.03 and earlier"
}
]
},
{
"product": "WSR-2533DHPLS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.07 and earlier"
}
]
},
{
"product": "WSR-2533DHPLB",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.05"
}
]
},
{
"product": "WEX-1800AX4",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
},
{
"product": "WEX-1800AX4EA",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T06:43:10.641Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43466",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:36:40.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43486 (GCVE-0-2022-43486)
Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:34
VLAI?
Summary
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
Severity ?
6.8 (Medium)
CWE
- Hidden Functionality
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WXR-5700AX7S |
Affected:
firmware Ver. 1.27 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:33:03.714783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:34:25.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WXR-5700AX7S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WXR-5700AX7B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WSR-3200AX4S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-3200AX4B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.25"
}
]
},
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-A2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHPL2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.03 and earlier"
}
]
},
{
"product": "WSR-2533DHPLS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.07 and earlier"
}
]
},
{
"product": "WSR-2533DHPLB",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.05"
}
]
},
{
"product": "WCR-1166DS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.34 and earlier"
}
]
},
{
"product": "WEX-1800AX4",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
},
{
"product": "WEX-1800AX4EA",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T06:44:41.723Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43486",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:34:25.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43443 (GCVE-0-2022-43443)
Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:54
VLAI?
Summary
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
Severity ?
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BUFFALO INC. | WXR-11000XE12 |
Affected:
firmware Ver. 1.10 and earlier
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:54:16.464697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:54:48.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WXR-11000XE12",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.10 and earlier"
}
]
},
{
"product": "WXR-5700AX7S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WXR-5700AX7B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.27 and earlier"
}
]
},
{
"product": "WSR-3200AX4S",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-3200AX4B",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.25"
}
]
},
{
"product": "WSR-2533DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-A2533DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.22 and earlier"
}
]
},
{
"product": "WSR-2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-A2533DHP3",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.26 and earlier"
}
]
},
{
"product": "WSR-2533DHPL",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.08 and earlier"
}
]
},
{
"product": "WSR-2533DHPL2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.03 and earlier"
}
]
},
{
"product": "WSR-2533DHPLS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.07 and earlier"
}
]
},
{
"product": "WSR-2533DHPLB",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.05"
}
]
},
{
"product": "WSR-1166DHP",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.16 and earlier"
}
]
},
{
"product": "WSR-1166DHP2",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.17 and earlier"
}
]
},
{
"product": "WCR-1166DS",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.34 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T06:43:57.911Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97099584/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43443",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:54:48.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}