Multiple vulnerabilities in Buffalo network devices



Published: 2022-10-04
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-39044
CVE-2022-34840
CVE-2022-40966
CWE-ID CWE-912
CWE-798
CWE-288
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
WCR-300
Hardware solutions / Routers & switches, VoIP, GSM, etc

WHR-HP-G300N
Hardware solutions / Routers & switches, VoIP, GSM, etc

WHR-HP-GN
Hardware solutions / Routers & switches, VoIP, GSM, etc

WPL-05G300
Hardware solutions / Routers & switches, VoIP, GSM, etc

WZR-300HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WZR-450HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WZR-600DHP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WZR-900DHP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WRM-D2133HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WRM-D2133HS
Hardware solutions / Routers & switches, VoIP, GSM, etc

WTR-M2133HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WTR-M2133HS
Hardware solutions / Routers & switches, VoIP, GSM, etc

WXR-1900DHP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WXR-1900DHP2
Hardware solutions / Routers & switches, VoIP, GSM, etc

WXR-1900DHP3
Hardware solutions / Routers & switches, VoIP, GSM, etc

WXR-5950AX12
Hardware solutions / Routers & switches, VoIP, GSM, etc

WXR-6000AX12B
Hardware solutions / Routers & switches, VoIP, GSM, etc

WXR-6000AX12S
Hardware solutions / Routers & switches, VoIP, GSM, etc

WZR-HP-AG300H
Hardware solutions / Routers & switches, VoIP, GSM, etc

WZR-HP-G302H
Hardware solutions / Routers & switches, VoIP, GSM, etc

WZR-1750DHP2
Hardware solutions / Routers & switches, VoIP, GSM, etc

WEM-1266
Hardware solutions / Routers & switches, VoIP, GSM, etc

WEM-1266WP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WLAE-AG300N
Hardware solutions / Routers & switches, VoIP, GSM, etc

FS-G300N
Hardware solutions / Routers & switches, VoIP, GSM, etc

FS-HP-G300N
Hardware solutions / Routers & switches, VoIP, GSM, etc

FS-R600DHP
Hardware solutions / Routers & switches, VoIP, GSM, etc

FS-600DHP
Hardware solutions / Routers & switches, VoIP, GSM, etc

BHR-4GRV
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Hidden functionality

EUVDB-ID: #VU67886

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-39044

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: before 1.88

WHR-HP-G300N: before 2.01

WHR-HP-GN: before 1.88

WPL-05G300: before 1.89


CPE2.3
External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Use of hard-coded credentials

EUVDB-ID: #VU67887

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34840

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker on the local network can modify configuration settings of the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WZR-300HP: before 2.01

WZR-450HP: before 2.01

WZR-600DHP: before 2.01

WZR-900DHP: before 1.16


CPE2.3
External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU67888

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40966

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can bypass authentication for the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WCR-300: before 1.88

WHR-HP-G300N: before 2.01

WHR-HP-GN: before 1.88

WPL-05G300: before 1.89

WRM-D2133HP: before 2.86

WRM-D2133HS: before 2.97

WTR-M2133HP: before 2.86

WTR-M2133HS: before 2.97

WXR-1900DHP: before 2.51

WXR-1900DHP2: before 2.60

WXR-1900DHP3: before 2.64

WXR-5950AX12: before 3.41

WXR-6000AX12B: before 3.41

WXR-6000AX12S: before 3.41

WZR-300HP: before 2.01

WZR-450HP: before 2.01

WZR-600DHP: before 2.01

WZR-HP-AG300H: before 1.77

WZR-HP-G302H: before 1.89

WZR-900DHP: before 1.16

WZR-1750DHP2: before 2.32

WEM-1266: before 2.86

WEM-1266WP: before 2.86

WLAE-AG300N: before 1.87

FS-G300N: before 3.15

FS-HP-G300N: before 3.34

FS-R600DHP: before 3.41

FS-600DHP: before 3.41

BHR-4GRV: before 2.01


CPE2.3
External links

http://jvn.jp/en/vu/JVNVU92805279/index.html
http://www.buffalo.jp/news/detail/20221003-01.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###