Multiple vulnerabilities in Buffalo network devices



Published: 2022-10-04
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-39044, CVE-2022-34840, CVE-2022-40966
CWE-ID: CWE-912, CWE-798, CWE-288
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software:
Hardware solutions / Routers & switches, VoIP, GSM, etc:
WCR-300
WHR-HP-G300N
WHR-HP-GN
WPL-05G300
WZR-300HP
WZR-450HP
WZR-600DHP
WZR-900DHP
WRM-D2133HP
WRM-D2133HS
WTR-M2133HP
WTR-M2133HS
WXR-1900DHP
WXR-1900DHP2
WXR-1900DHP3
WXR-5950AX12
WXR-6000AX12B
WXR-6000AX12S
WZR-HP-AG300H
WZR-HP-G302H
WZR-1750DHP2
WEM-1266
WEM-1266WP
WLAE-AG300N
FS-G300N
FS-HP-G300N
FS-R600DHP
FS-600DHP
BHR-4GRV

Vendor

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Hidden functionality

EUVDB-ID: #VU67886

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39044

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists because hidden functionality (a backdoor) is present in the software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: before 1.88

WHR-HP-G300N: before 2.01

WHR-HP-GN: before 1.88

WPL-05G300: before 1.89

External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of hard-coded credentials

EUVDB-ID: #VU67887

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-34840

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote unauthenticated attacker on the local network can modify configuration settings of the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WZR-300HP: before 2.01

WZR-450HP: before 2.01

WZR-600DHP: before 2.01

WZR-900DHP: before 1.16

External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU67888

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40966

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can bypass authentication for the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: before 1.88

WHR-HP-G300N: before 2.01

WHR-HP-GN: before 1.88

WPL-05G300: before 1.89

WRM-D2133HP: before 2.86

WRM-D2133HS: before 2.97

WTR-M2133HP: before 2.86

WTR-M2133HS: before 2.97

WXR-1900DHP: before 2.51

WXR-1900DHP2: before 2.60

WXR-1900DHP3: before 2.64

WXR-5950AX12: before 3.41

WXR-6000AX12B: before 3.41

WXR-6000AX12S: before 3.41

WZR-300HP: before 2.01

WZR-450HP: before 2.01

WZR-600DHP: before 2.01

WZR-HP-AG300H: before 1.77

WZR-HP-G302H: before 1.89

WZR-900DHP: before 1.16

WZR-1750DHP2: before 2.32

WEM-1266: before 2.86

WEM-1266WP: before 2.86

WLAE-AG300N: before 1.87

FS-G300N: before 3.15

FS-HP-G300N: before 3.34

FS-R600DHP: before 3.41

FS-600DHP: before 3.41

BHR-4GRV: before 2.01
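
Added example (not part of the original bulletin or vendor tooling): an inventory check that maps a device's model and firmware string to the CVEs in this bulletin it is still exposed to. The inventory entries and the `EXAMPLE-AP` model are constructed, and it is an assumption that firmware strings contain a dotted number such as `Ver.1.87` that compares component by component.

```python
import re

# First fixed firmware per model, transcribed from this bulletin's three
# "Vulnerable software versions" lists ("before X" => X is the first fixed release).
_RAW = {
    "CVE-2022-39044": "WCR-300=1.88 WHR-HP-G300N=2.01 WHR-HP-GN=1.88 WPL-05G300=1.89",
    "CVE-2022-34840": "WZR-300HP=2.01 WZR-450HP=2.01 WZR-600DHP=2.01 WZR-900DHP=1.16",
    "CVE-2022-40966": (
        "WCR-300=1.88 WHR-HP-G300N=2.01 WHR-HP-GN=1.88 WPL-05G300=1.89 "
        "WRM-D2133HP=2.86 WRM-D2133HS=2.97 WTR-M2133HP=2.86 WTR-M2133HS=2.97 "
        "WXR-1900DHP=2.51 WXR-1900DHP2=2.60 WXR-1900DHP3=2.64 WXR-5950AX12=3.41 "
        "WXR-6000AX12B=3.41 WXR-6000AX12S=3.41 WZR-300HP=2.01 WZR-450HP=2.01 "
        "WZR-600DHP=2.01 WZR-HP-AG300H=1.77 WZR-HP-G302H=1.89 WZR-900DHP=1.16 "
        "WZR-1750DHP2=2.32 WEM-1266=2.86 WEM-1266WP=2.86 WLAE-AG300N=1.87 "
        "FS-G300N=3.15 FS-HP-G300N=3.34 FS-R600DHP=3.41 FS-600DHP=3.41 BHR-4GRV=2.01"
    ),
}
FIXED = {cve: dict(p.split("=") for p in s.split()) for cve, s in _RAW.items()}


def parse_version(text):
    """'Ver.1.87' -> (1, 87); None when no dotted number is present."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(part) for part in m.group().split(".")) if m else None


def assess(model, firmware):
    """Return {cve: 'vulnerable' | 'fixed' | 'unknown'} for each CVE listing the model."""
    model = model.strip().upper()
    have = parse_version(firmware)
    result = {}
    for cve, table in FIXED.items():
        if model not in table:
            continue  # this CVE's list does not name the model
        if have is None:
            result[cve] = "unknown"  # unreadable version is never reported as patched
        else:
            result[cve] = "vulnerable" if have < parse_version(table[model]) else "fixed"
    return result


# Constructed sample inventory (model, firmware string as shown in the admin UI).
INVENTORY = [("wzr-900dhp", "Ver.1.15"), ("WCR-300", "1.88"),
             ("WXR-1900DHP3", "n/a"), ("EXAMPLE-AP", "1.0")]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(model, fw, assess(model, fw) or "not listed in this bulletin")
```

An empty result means the model does not appear in any of the bulletin's lists, which is not the same as a confirmed-safe device.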

External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


