CVE-2024-44072
5.7
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Summary
OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| BUFFALO INC. | WHR-1166DHP2 | Ver. 2.95 and earlier | affected |
| BUFFALO INC. | WHR-1166DHP3 | Ver. 2.95 and earlier | affected |
| BUFFALO INC. | WHR-1166DHP4 | Ver. 2.95 and earlier | affected |
| BUFFALO INC. | WSR-1166DHP3 | Ver. 1.18 and earlier | affected |
| BUFFALO INC. | WSR-600DHP | Ver. 2.93 and earlier | affected |
| BUFFALO INC. | WEX-300HPTX/N | Ver. 1.02 and earlier | affected |
| BUFFALO INC. | WEX-733DHP2 | Ver. 1.03 and earlier | affected |
| BUFFALO INC. | WEX-1166DHP2 | Ver. 1.05 and earlier | affected |
| BUFFALO INC. | WEX-1166DHPS | Ver. 1.05 and earlier | affected |
| BUFFALO INC. | WEX-300HPS/N | Ver. 1.02 and earlier | affected |
| BUFFALO INC. | WEX-733DHPS | Ver. 1.02 and earlier | affected |
| BUFFALO INC. | WEX-733DHPTX | Ver. 1.03 and earlier | affected |
| BUFFALO INC. | WEX-1166DHP | Ver. 1.23 and earlier | affected |
| BUFFALO INC. | WEX-733DHP | Ver. 1.64 and earlier | affected |
| BUFFALO INC. | WHR-1166DHP | Ver. 2.92 and earlier | affected |
| BUFFALO INC. | WHR-300HP2 | Ver. 2.51 and earlier | affected |
| BUFFALO INC. | WHR-600D | Ver. 2.91 and earlier | affected |
| BUFFALO INC. | WMR-300 | Ver. 2.50 and earlier | affected |
Weaknesses
- OS command injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.