CVE-2024-44072

Summary

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.

Affected Software

VendorProductVersion RangeStatus
BUFFALO INC.WHR-1166DHP2Ver. 2.95 and earlieraffected
BUFFALO INC.WHR-1166DHP3Ver. 2.95 and earlieraffected
BUFFALO INC.WHR-1166DHP4Ver. 2.95 and earlieraffected
BUFFALO INC.WSR-1166DHP3Ver. 1.18 and earlieraffected
BUFFALO INC.WSR-600DHPVer. 2.93 and earlieraffected
BUFFALO INC.WEX-300HPTX/NVer. 1.02 and earlieraffected
BUFFALO INC.WEX-733DHP2Ver. 1.03 and earlieraffected
BUFFALO INC.WEX-1166DHP2Ver. 1.05 and earlieraffected
BUFFALO INC.WEX-1166DHPSVer. 1.05 and earlieraffected
BUFFALO INC.WEX-300HPS/NVer. 1.02 and earlieraffected
BUFFALO INC.WEX-733DHPSVer. 1.02 and earlieraffected
BUFFALO INC.WEX-733DHPTXVer. 1.03 and earlieraffected
BUFFALO INC.WEX-1166DHPVer. 1.23 and earlieraffected
BUFFALO INC.WEX-733DHPVer. 1.64 and earlieraffected
BUFFALO INC.WHR-1166DHPVer. 2.92 and earlieraffected
BUFFALO INC.WHR-300HP2Ver. 2.51 and earlieraffected
BUFFALO INC.WHR-600DVer. 2.91 and earlieraffected
BUFFALO INC.WMR-300Ver. 2.50 and earlieraffected

Weaknesses

  • OS command injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References