Multiple vulnerabilities in Buffalo network devices



Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-39044, CVE-2022-34840, CVE-2022-40966
CWE-ID: CWE-912, CWE-798, CWE-288
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software (category: Hardware solutions / Routers & switches, VoIP, GSM, etc):

WCR-300
WHR-HP-G300N
WHR-HP-GN
WPL-05G300
WZR-300HP
WZR-450HP
WZR-600DHP
WZR-900DHP
WRM-D2133HP
WRM-D2133HS
WTR-M2133HP
WTR-M2133HS
WXR-1900DHP
WXR-1900DHP2
WXR-1900DHP3
WXR-5950AX12
WXR-6000AX12B
WXR-6000AX12S
WZR-HP-AG300H
WZR-HP-G302H
WZR-1750DHP2
WEM-1266
WEM-1266WP
WLAE-AG300N
FS-G300N
FS-HP-G300N
FS-R600DHP
FS-600DHP
BHR-4GRV

Vendor: BUFFALO INC.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Hidden functionality

EUVDB-ID: #VU67886

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39044

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists because hidden functionality (a backdoor) is present in the software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: All versions

WHR-HP-G300N: All versions

WHR-HP-GN: All versions

WPL-05G300: All versions

External links

https://jvn.jp/en/vu/JVNVU92805279/index.html
https://www.buffalo.jp/news/detail/20221003-01.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of hard-coded credentials

EUVDB-ID: #VU67887

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-34840

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote unauthenticated attacker on the local network can modify configuration settings of the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WZR-300HP: All versions

WZR-450HP: All versions

WZR-600DHP: All versions

WZR-900DHP: All versions

External links

https://jvn.jp/en/vu/JVNVU92805279/index.html
https://www.buffalo.jp/news/detail/20221003-01.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU67888

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-40966

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can bypass authentication for the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: All versions

WHR-HP-G300N: All versions

WHR-HP-GN: All versions

WPL-05G300: All versions

WRM-D2133HP: All versions

WRM-D2133HS: All versions

WTR-M2133HP: All versions

WTR-M2133HS: All versions

WXR-1900DHP: All versions

WXR-1900DHP2: All versions

WXR-1900DHP3: All versions

WXR-5950AX12: All versions

WXR-6000AX12B: All versions

WXR-6000AX12S: All versions

WZR-300HP: All versions

WZR-450HP: All versions

WZR-600DHP: All versions

WZR-HP-AG300H: All versions

WZR-HP-G302H: All versions

WZR-900DHP: All versions

WZR-1750DHP2: All versions

WEM-1266: All versions

WEM-1266WP: All versions

WLAE-AG300N: All versions

FS-G300N: All versions

FS-HP-G300N: All versions

FS-R600DHP: All versions

FS-600DHP: All versions

BHR-4GRV: All versions

External links

https://jvn.jp/en/vu/JVNVU92805279/index.html
https://www.buffalo.jp/news/detail/20221003-01.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
