#VU67888 Authentication bypass using an alternate path or channel in BUFFALO INC. products - CVE-2022-40966
Published: October 4, 2022
Vulnerability identifier: #VU67888
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-40966
CWE-ID: CWE-288
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
WCR-300
WHR-HP-G300N
WHR-HP-GN
WPL-05G300
WRM-D2133HP
WRM-D2133HS
WTR-M2133HP
WTR-M2133HS
WXR-1900DHP
WXR-1900DHP2
WXR-1900DHP3
WXR-5950AX12
WXR-6000AX12B
WXR-6000AX12S
WZR-300HP
WZR-450HP
WZR-600DHP
WZR-HP-AG300H
WZR-HP-G302H
WZR-900DHP
WZR-1750DHP2
WEM-1266
WEM-1266WP
WLAE-AG300N
FS-G300N
FS-HP-G300N
FS-R600DHP
FS-600DHP
BHR-4GRV
WCR-300
WHR-HP-G300N
WHR-HP-GN
WPL-05G300
WRM-D2133HP
WRM-D2133HS
WTR-M2133HP
WTR-M2133HS
WXR-1900DHP
WXR-1900DHP2
WXR-1900DHP3
WXR-5950AX12
WXR-6000AX12B
WXR-6000AX12S
WZR-300HP
WZR-450HP
WZR-600DHP
WZR-HP-AG300H
WZR-HP-G302H
WZR-900DHP
WZR-1750DHP2
WEM-1266
WEM-1266WP
WLAE-AG300N
FS-G300N
FS-HP-G300N
FS-R600DHP
FS-600DHP
BHR-4GRV
Software vendor:
BUFFALO INC.
BUFFALO INC.
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can bypass authentication for the target device.
Remediation
Install updates from vendor's website.