Multiple vulnerabilities in Buffalo network devices
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-39044 CVE-2022-34840 CVE-2022-40966 |
| CWE-ID | CWE-912 CWE-798 CWE-288 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
WCR-300 Hardware solutions / Routers & switches, VoIP, GSM, etc WHR-HP-G300N Hardware solutions / Routers & switches, VoIP, GSM, etc WHR-HP-GN Hardware solutions / Routers & switches, VoIP, GSM, etc WPL-05G300 Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-300HP Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-450HP Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-600DHP Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-900DHP Hardware solutions / Routers & switches, VoIP, GSM, etc WRM-D2133HP Hardware solutions / Routers & switches, VoIP, GSM, etc WRM-D2133HS Hardware solutions / Routers & switches, VoIP, GSM, etc WTR-M2133HP Hardware solutions / Routers & switches, VoIP, GSM, etc WTR-M2133HS Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-1900DHP Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-1900DHP2 Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-1900DHP3 Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-5950AX12 Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-6000AX12B Hardware solutions / Routers & switches, VoIP, GSM, etc WXR-6000AX12S Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-HP-AG300H Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-HP-G302H Hardware solutions / Routers & switches, VoIP, GSM, etc WZR-1750DHP2 Hardware solutions / Routers & switches, VoIP, GSM, etc WEM-1266 Hardware solutions / Routers & switches, VoIP, GSM, etc WEM-1266WP Hardware solutions / Routers & switches, VoIP, GSM, etc WLAE-AG300N Hardware solutions / Routers & switches, VoIP, GSM, etc FS-G300N Hardware solutions / Routers & switches, VoIP, GSM, etc FS-HP-G300N Hardware solutions / Routers & switches, VoIP, GSM, etc FS-R600DHP Hardware solutions / Routers & switches, VoIP, GSM, etc FS-600DHP Hardware solutions / Routers & switches, VoIP, GSM, etc BHR-4GRV Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | BUFFALO INC. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Hidden functionality
EUVDB-ID: #VU67886
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-39044
CWE-ID:
CWE-912 - Hidden Functionality (Backdoor)
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWCR-300: All versions
WHR-HP-G300N: All versions
WHR-HP-GN: All versions
WPL-05G300: All versions
CPE2.3- cpe:2.3:h:buffalo:wcr-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:whr-hp-g300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:whr-hp-gn:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wpl-05g300:*:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU92805279/index.html
https://www.buffalo.jp/news/detail/20221003-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of hard-coded credentials
EUVDB-ID: #VU67887
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-34840
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker on the local network can modify configuration settings of the target device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWZR-300HP: All versions
WZR-450HP: All versions
WZR-600DHP: All versions
WZR-900DHP: All versions
CPE2.3- cpe:2.3:h:buffalo:wzr-300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-450hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-600dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-900dhp:*:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU92805279/index.html
https://www.buffalo.jp/news/detail/20221003-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Authentication bypass using an alternate path or channel
EUVDB-ID: #VU67888
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40966
CWE-ID:
CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can bypass authentication for the target device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWCR-300: All versions
WHR-HP-G300N: All versions
WHR-HP-GN: All versions
WPL-05G300: All versions
WRM-D2133HP: All versions
WRM-D2133HS: All versions
WTR-M2133HP: All versions
WTR-M2133HS: All versions
WXR-1900DHP: All versions
WXR-1900DHP2: All versions
WXR-1900DHP3: All versions
WXR-5950AX12: All versions
WXR-6000AX12B: All versions
WXR-6000AX12S: All versions
WZR-300HP: All versions
WZR-450HP: All versions
WZR-600DHP: All versions
WZR-HP-AG300H: All versions
WZR-HP-G302H: All versions
WZR-900DHP: All versions
WZR-1750DHP2: All versions
WEM-1266: All versions
WEM-1266WP: All versions
WLAE-AG300N: All versions
FS-G300N: All versions
FS-HP-G300N: All versions
FS-R600DHP: All versions
FS-600DHP: All versions
BHR-4GRV: All versions
CPE2.3- cpe:2.3:h:buffalo:wcr-300:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:whr-hp-g300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:whr-hp-gn:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wpl-05g300:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wrm-d2133hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wrm-d2133hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wtr-m2133hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wtr-m2133hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wxr-1900dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wxr-1900dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wxr-1900dhp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wxr-5950ax12:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wxr-6000ax12b:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wxr-6000ax12s:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-450hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-600dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-hp-ag300h:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-hp-g302h:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-900dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wzr-1750dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wem-1266:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wem-1266wp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wlae-ag300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:fs-g300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:fs-hp-g300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:fs-r600dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:fs-600dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:bhr-4grv:*:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU92805279/index.html
https://www.buffalo.jp/news/detail/20221003-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
