CVE-2022-43466
6.8
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| BUFFALO INC. | WXR-5700AX7S | firmware Ver. 1.27 and earlier | affected |
| BUFFALO INC. | WXR-5700AX7B | firmware Ver. 1.27 and earlier | affected |
| BUFFALO INC. | WSR-3200AX4S | firmware Ver. 1.26 and earlier | affected |
| BUFFALO INC. | WSR-3200AX4B | firmware Ver. 1.25 | affected |
| BUFFALO INC. | WSR-2533DHP2 | firmware Ver. 1.22 and earlier | affected |
| BUFFALO INC. | WSR-A2533DHP2 | firmware Ver. 1.22 and earlier | affected |
| BUFFALO INC. | WSR-2533DHP3 | firmware Ver. 1.26 and earlier | affected |
| BUFFALO INC. | WSR-A2533DHP3 | firmware Ver. 1.26 and earlier | affected |
| BUFFALO INC. | WSR-2533DHPL2 | firmware Ver. 1.03 and earlier | affected |
| BUFFALO INC. | WSR-2533DHPLS | firmware Ver. 1.07 and earlier | affected |
| BUFFALO INC. | WSR-2533DHPLB | firmware Ver. 1.05 | affected |
| BUFFALO INC. | WEX-1800AX4 | firmware Ver. 1.13 and earlier | affected |
| BUFFALO INC. | WEX-1800AX4EA | firmware Ver. 1.13 and earlier | affected |
Weaknesses
- OS command injection
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.