CVE-2022-43443

Summary

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.

Affected Software

VendorProductVersion RangeStatus
BUFFALO INC.WXR-11000XE12firmware Ver. 1.10 and earlieraffected
BUFFALO INC.WXR-5700AX7Sfirmware Ver. 1.27 and earlieraffected
BUFFALO INC.WXR-5700AX7Bfirmware Ver. 1.27 and earlieraffected
BUFFALO INC.WSR-3200AX4Sfirmware Ver. 1.26 and earlieraffected
BUFFALO INC.WSR-3200AX4Bfirmware Ver. 1.25affected
BUFFALO INC.WSR-2533DHPfirmware Ver. 1.08 and earlieraffected
BUFFALO INC.WSR-2533DHP2firmware Ver. 1.22 and earlieraffected
BUFFALO INC.WSR-A2533DHP2firmware Ver. 1.22 and earlieraffected
BUFFALO INC.WSR-2533DHP3firmware Ver. 1.26 and earlieraffected
BUFFALO INC.WSR-A2533DHP3firmware Ver. 1.26 and earlieraffected
BUFFALO INC.WSR-2533DHPLfirmware Ver. 1.08 and earlieraffected
BUFFALO INC.WSR-2533DHPL2firmware Ver. 1.03 and earlieraffected
BUFFALO INC.WSR-2533DHPLSfirmware Ver. 1.07 and earlieraffected
BUFFALO INC.WSR-2533DHPLBfirmware Ver. 1.05affected
BUFFALO INC.WSR-1166DHPfirmware Ver. 1.16 and earlieraffected
BUFFALO INC.WSR-1166DHP2firmware Ver. 1.17 and earlieraffected
BUFFALO INC.WCR-1166DSfirmware Ver. 1.34 and earlieraffected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References