CVE-2024-26023

Summary

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

Affected Software

VendorProductVersion RangeStatus
BUFFALO INC.WCR-1166DSfirmware Ver. 1.32 and earlieraffected
BUFFALO INC.WSR-1166DHPfirmware Ver. 1.14 and earlieraffected
BUFFALO INC.WSR-1166DHP2firmware Ver. 1.14 and earlieraffected
BUFFALO INC.WSR-2533DHPfirmware Ver. 1.06 and earlieraffected
BUFFALO INC.WSR-2533DHPLfirmware Ver. 1.06 and earlieraffected
BUFFALO INC.WSR-2533DHP2firmware Ver. 1.10 and earlieraffected
BUFFALO INC.WSR-A2533DHP2firmware Ver. 1.10 and earlieraffected

Weaknesses

  • OS command injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References