CVE-2022-43486

Summary

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.

Affected Software

VendorProductVersion RangeStatus
BUFFALO INC.WXR-5700AX7Sfirmware Ver. 1.27 and earlieraffected
BUFFALO INC.WXR-5700AX7Bfirmware Ver. 1.27 and earlieraffected
BUFFALO INC.WSR-3200AX4Sfirmware Ver. 1.26 and earlieraffected
BUFFALO INC.WSR-3200AX4Bfirmware Ver. 1.25affected
BUFFALO INC.WSR-2533DHPfirmware Ver. 1.08 and earlieraffected
BUFFALO INC.WSR-2533DHP2firmware Ver. 1.22 and earlieraffected
BUFFALO INC.WSR-A2533DHP2firmware Ver. 1.22 and earlieraffected
BUFFALO INC.WSR-2533DHP3firmware Ver. 1.26 and earlieraffected
BUFFALO INC.WSR-A2533DHP3firmware Ver. 1.26 and earlieraffected
BUFFALO INC.WSR-2533DHPLfirmware Ver. 1.08 and earlieraffected
BUFFALO INC.WSR-2533DHPL2firmware Ver. 1.03 and earlieraffected
BUFFALO INC.WSR-2533DHPLSfirmware Ver. 1.07 and earlieraffected
BUFFALO INC.WSR-2533DHPLBfirmware Ver. 1.05affected
BUFFALO INC.WCR-1166DSfirmware Ver. 1.34 and earlieraffected
BUFFALO INC.WEX-1800AX4firmware Ver. 1.13 and earlieraffected
BUFFALO INC.WEX-1800AX4EAfirmware Ver. 1.13 and earlieraffected

Weaknesses

  • Hidden Functionality

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References