Multiple vulnerabilities in Buffalo network devices

Published: 2022-10-04

Risk	Medium
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2022-39044 CVE-2022-34840 CVE-2022-40966
CWE-ID	CWE-912 CWE-798 CWE-288
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software Subscribe	WCR-300 Hardware solutions / Routers & switches, VoIP, GSM, etc WHR-HP-G300N Hardware solutions / Routers & switches, VoIP, GSM, etc WHR-HP-GN Hardware solutions / Routers & switches, VoIP, GSM, etc WPL-05G300 Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-300HP Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-450HP Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-600DHP Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-900DHP Hardware solutions / Routers & switches, VoIP, GSM, etc WRM-D2133HP Hardware solutions / Routers & switches, VoIP, GSM, etc WRM-D2133HS Hardware solutions / Routers & switches, VoIP, GSM, etc WTR-M2133HP Hardware solutions / Routers & switches, VoIP, GSM, etc WTR-M2133HS Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-1900DHP Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-1900DHP2 Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-1900DHP3 Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-5950AX12 Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-6000AX12B Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-6000AX12S Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-HP-AG300H Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-HP-G302H Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-1750DHP2 Hardware solutions / Routers & switches, VoIP, GSM, etc WEM-1266 Hardware solutions / Routers & switches, VoIP, GSM, etc WEM-1266WP Hardware solutions / Routers & switches, VoIP, GSM, etc WLAE-AG300N Hardware solutions / Routers & switches, VoIP, GSM, etc FS-G300N Hardware solutions / Routers & switches, VoIP, GSM, etc FS-HP-G300N Hardware solutions / Routers & switches, VoIP, GSM, etc FS-R600DHP Hardware solutions / Routers & switches, VoIP, GSM, etc FS-600DHP Hardware solutions / Routers & switches, VoIP, GSM, etc BHR-4GRV Hardware solutions / Routers & switches, VoIP, GSM, etc
Vendor

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Hidden functionality

EUVDB-ID: #VU67886

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-39044

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: before 1.88

WHR-HP-G300N: before 2.01

WHR-HP-GN: before 1.88

WPL-05G300: before 1.89

CPE2.3

External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Use of hard-coded credentials

EUVDB-ID: #VU67887

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34840

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker on the local network can modify configuration settings of the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WZR-300HP: before 2.01

WZR-450HP: before 2.01

WZR-600DHP: before 2.01

WZR-900DHP: before 1.16

CPE2.3

External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU67888

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40966

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can bypass authentication for the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: before 1.88

WHR-HP-G300N: before 2.01

WHR-HP-GN: before 1.88

WPL-05G300: before 1.89

WRM-D2133HP: before 2.86

WRM-D2133HS: before 2.97

WTR-M2133HP: before 2.86

WTR-M2133HS: before 2.97

WXR-1900DHP: before 2.51

WXR-1900DHP2: before 2.60

WXR-1900DHP3: before 2.64

WXR-5950AX12: before 3.41

WXR-6000AX12B: before 3.41

WXR-6000AX12S: before 3.41

WZR-300HP: before 2.01

WZR-450HP: before 2.01

WZR-600DHP: before 2.01

WZR-HP-AG300H: before 1.77

WZR-HP-G302H: before 1.89

WZR-900DHP: before 1.16

WZR-1750DHP2: before 2.32

WEM-1266: before 2.86

WEM-1266WP: before 2.86

WLAE-AG300N: before 1.87

FS-G300N: before 3.15

FS-HP-G300N: before 3.34

FS-R600DHP: before 3.41

FS-600DHP: before 3.41

BHR-4GRV: before 2.01

CPE2.3

External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?