Main Vulnerability Database Vulnerabilities #VU67886

#VU67886 Hidden functionality in BUFFALO INC. products - CVE-2022-39044

Published: October 4, 2022

Vulnerability identifier: #VU67886

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-39044

CWE-ID: CWE-912

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
WCR-300
WHR-HP-G300N
WHR-HP-GN
WPL-05G300

Software vendor:
BUFFALO INC.

Description

The vulnerability allows a remote user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the system.

Remediation

Install updates from vendor's website.

External links

https://jvn.jp/en/vu/JVNVU92805279/index.html
https://www.buffalo.jp/news/detail/20221003-01.html

#VU67886 Hidden functionality in BUFFALO INC. products - CVE-2022-39044

Description

Remediation

External links

Please verify you're human