Multiple vulnerabilities in Buffalo network devices
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-43466 CVE-2022-43443 CVE-2022-43486 |
| CWE-ID | CWE-78 CWE-912 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
WSR-3200AX4S Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-3200AX4B Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-2533DHP2 Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-A2533DHP2 Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-2533DHP3 Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-A2533DHP3 Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-2533DHPL2 Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-2533DHPLS Hardware solutions / Routers & switches, VoIP, GSM, etc WEX-1800AX4 Hardware solutions / Routers & switches, VoIP, GSM, etc WEX-1800AX4EA Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-2533DHP Hardware solutions / Routers & switches, VoIP, GSM, etc WSR-2533DHPL Hardware solutions / Routers & switches, VoIP, GSM, etc WCR-1166DS Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | BUFFALO INC. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU70082
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-43466
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote administrator on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWSR-3200AX4S: - - 1.26
WSR-3200AX4B: - - 1.25
WSR-2533DHP2: - - 1.22
WSR-A2533DHP2: - - 1.22
WSR-2533DHP3: - - 1.26
WSR-A2533DHP3: - - 1.26
WSR-2533DHPL2: - - 1.03
WSR-2533DHPLS: - - 1.07
WEX-1800AX4: - - 1.13
WEX-1800AX4EA: - - 1.13
CPE2.3- cpe:2.3:h:buffalo:wsr-3200ax4s:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4s:1.26:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4b:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4b:1.25:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp2:1.22:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp2:1.22:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp3:1.26:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpl2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpls:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wex-1800ax4:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wex-1800ax4ea:*:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU97099584/index.html
https://www.buffalo.jp/news/detail/20221205-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) OS Command Injection
EUVDB-ID: #VU70083
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-43443
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWSR-3200AX4S: - - 1.26
WSR-3200AX4B: - - 1.25
WSR-2533DHP: - - 1.08
WSR-2533DHP2: - - 1.22
WSR-A2533DHP2: - - 1.22
WSR-2533DHP3: - - 1.26
WSR-A2533DHP3: - - 1.26
WSR-2533DHPL: - - 1.08
WSR-2533DHPL2: - - 1.03
WSR-2533DHPLS: - - 1.07
WCR-1166DS: - - 1.34
CPE2.3- cpe:2.3:h:buffalo:wsr-3200ax4s:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4s:1.26:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4b:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4b:1.25:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp:1.08:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp2:1.22:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp2:1.22:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpl:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpl2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpls:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wcr-1166ds:*:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU97099584/index.html
https://www.buffalo.jp/news/detail/20221205-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Hidden functionality
EUVDB-ID: #VU70084
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-43486
CWE-ID:
CWE-912 - Hidden Functionality (Backdoor)
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary commands on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWSR-3200AX4S: - - 1.26
WSR-3200AX4B: - - 1.25
WSR-2533DHP: - - 1.08
WSR-2533DHP2: - - 1.22
WSR-A2533DHP2: - - 1.22
WSR-2533DHP3: - - 1.26
WSR-A2533DHP3: - - 1.26
WSR-2533DHPL: - - 1.08
WSR-2533DHPL2: - - 1.03
WSR-2533DHPLS: - - 1.07
WCR-1166DS: - - 1.34
WEX-1800AX4: - - 1.13
WEX-1800AX4EA: - - 1.13
CPE2.3- cpe:2.3:h:buffalo:wsr-3200ax4s:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4s:1.26:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4b:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-3200ax4b:1.25:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp:1.08:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp2:1.22:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp2:1.22:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-a2533dhp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpl:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpl2:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wsr-2533dhpls:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wcr-1166ds:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wex-1800ax4:*:*:*:*:*:*:*:*
- cpe:2.3:h:buffalo:wex-1800ax4ea:*:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU97099584/index.html
https://www.buffalo.jp/news/detail/20221205-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
