fkie_cve-2022-43466
Vulnerability from fkie_nvd
Published
2022-12-19 03:15
Modified
2024-11-21 07:26
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
References
vultures@jpcert.or.jphttps://jvn.jp/en/vu/JVNVU97099584/
vultures@jpcert.or.jphttps://www.buffalo.jp/news/detail/20240131-01.html
af854a3a-2127-422b-91ae-364da2661108https://jvn.jp/en/vu/JVNVU97099584/
af854a3a-2127-422b-91ae-364da2661108https://www.buffalo.jp/news/detail/20240131-01.html
Impacted products
Vendor Product Version
buffalo wsr-3200ax4s_firmware *
buffalo wsr-3200ax4s -
buffalo wsr-3200ax4b_firmware 1.25
buffalo wsr-3200ax4b -
buffalo wsr-2533dhp2_firmware *
buffalo wsr-2533dhp2 -
buffalo wsr-a2533dhp2_firmware *
buffalo wsr-a2533dhp2 -
buffalo wsr-2533dhp3_firmware *
buffalo wsr-2533dhp3 -
buffalo wsr-a2533dhp3_firmware *
buffalo wsr-a2533dhp3 -
buffalo wsr-2533dhpl2_firmware *
buffalo wsr-2533dhpl2 -
buffalo wsr-2533dhpls_firmware *
buffalo wsr-2533dhpls -
buffalo wex-1800ax4_firmware *
buffalo wex-1800ax4 -
buffalo wex-1800ax4ea_firmware *
buffalo wex-1800ax4ea -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07164878-06B0-49DB-88D9-C149D72E67C4",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE5277EC-9BD1-40C3-B1B9-C67A1C45645C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "30621C77-BB74-4862-A145-02113D009BF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6F897-46FE-4629-80EC-2740FBA080FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8060FF-BC01-493F-8C6A-367B6532CED1",
              "versionEndIncluding": "1.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F476D3-8329-44B1-A2B0-B2AEB500863F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA7A67F-30F3-422E-9070-A2EA6353457E",
              "versionEndIncluding": "1.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF474D3-21B8-47D5-BC18-443295C51638",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1259443-53C8-4787-B427-81FD177E68A1",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0A99BA-2724-4F68-94F7-8825A0588E6F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BDFC2C-E148-4485-B2E6-33CA2276F751",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B82FF3D2-7ACF-4121-AF92-4A0714EB0C7F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "093EA797-1F83-4FAA-935E-31F8C9986857",
              "versionEndIncluding": "1.03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E5BEB1-FCA6-49E9-A244-7AE3DDF83373",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "387619C1-3F85-43DC-A4B1-FF24E2AD8382",
              "versionEndIncluding": "1.07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "310ACFB8-13EE-4A72-A9A0-3BFDAFF1ED1A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FE69C5-AC26-4839-9495-3D6F9E34C20B",
              "versionEndIncluding": "1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "751FA556-DDEC-4A69-A6F7-4959FAF6A5C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04C137D-C6A9-4FC6-AEF0-5F42E16B46E8",
              "versionEndIncluding": "1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81507AF7-B640-4695-A095-20ADFD197C66",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program."
    },
    {
      "lang": "es",
      "value": "Dispositivos de red Buffalo WSR-3200AX4S firmware Ver. 1.26 y anteriores, versi\u00f3n del firmware WSR-3200AX4B. 1.25, versi\u00f3n del firmware WSR-2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-A2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-A2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-2533DHPL2. 1.03 y anteriores, versi\u00f3n del firmware WSR-2533DHPLS. 1.07 y anteriores, versi\u00f3n del firmware WEX-1800AX4. 1.13 y anteriores, y la versi\u00f3n del firmware WEX-1800AX4EA. 1.13 y anteriores permiten a un atacante adyacente a la red con privilegios administrativos ejecutar un comando arbitrario del sistema operativo si se env\u00eda una solicitud especialmente manipulada a un programa CGI espec\u00edfico."
    }
  ],
  "id": "CVE-2022-43466",
  "lastModified": "2024-11-21T07:26:32.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-19T03:15:10.577",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/vu/JVNVU97099584/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jvn.jp/en/vu/JVNVU97099584/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.