CVE-2022-43486
6.8
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| BUFFALO INC. | WXR-5700AX7S | firmware Ver. 1.27 and earlier | affected |
| BUFFALO INC. | WXR-5700AX7B | firmware Ver. 1.27 and earlier | affected |
| BUFFALO INC. | WSR-3200AX4S | firmware Ver. 1.26 and earlier | affected |
| BUFFALO INC. | WSR-3200AX4B | firmware Ver. 1.25 | affected |
| BUFFALO INC. | WSR-2533DHP | firmware Ver. 1.08 and earlier | affected |
| BUFFALO INC. | WSR-2533DHP2 | firmware Ver. 1.22 and earlier | affected |
| BUFFALO INC. | WSR-A2533DHP2 | firmware Ver. 1.22 and earlier | affected |
| BUFFALO INC. | WSR-2533DHP3 | firmware Ver. 1.26 and earlier | affected |
| BUFFALO INC. | WSR-A2533DHP3 | firmware Ver. 1.26 and earlier | affected |
| BUFFALO INC. | WSR-2533DHPL | firmware Ver. 1.08 and earlier | affected |
| BUFFALO INC. | WSR-2533DHPL2 | firmware Ver. 1.03 and earlier | affected |
| BUFFALO INC. | WSR-2533DHPLS | firmware Ver. 1.07 and earlier | affected |
| BUFFALO INC. | WSR-2533DHPLB | firmware Ver. 1.05 | affected |
| BUFFALO INC. | WCR-1166DS | firmware Ver. 1.34 and earlier | affected |
| BUFFALO INC. | WEX-1800AX4 | firmware Ver. 1.13 and earlier | affected |
| BUFFALO INC. | WEX-1800AX4EA | firmware Ver. 1.13 and earlier | affected |
Weaknesses
- Hidden Functionality
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.