All the vulnerabilites related to BUFFALO INC. - WEX-300
jvndb-2015-000085
Vulnerability from jvndb
Published
2015-06-05 14:16
Modified
2015-06-10 17:54
Severity ?
() - -
Summary
Multiple Buffalo wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN50447904/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9284
NVD https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9284
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
BUFFALO INC.BHR-4GRV2
BUFFALO INC.WEX-300
BUFFALO INC.WHR-1166DHP
BUFFALO INC.WHR-300HP2
BUFFALO INC.WHR-600D
BUFFALO INC.WMR-300
BUFFALO INC.WSR-600DHP
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "dc:date": "2015-06-10T17:54+09:00",
  "dcterms:issued": "2015-06-05T14:16+09:00",
  "dcterms:modified": "2015-06-10T17:54+09:00",
  "description": "Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai, Satoshi Ogawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:buffalo_inc:bhr-4grv2",
      "@product": "BHR-4GRV2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wex-300",
      "@product": "WEX-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-1166dhp",
      "@product": "WHR-1166DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-300hp2",
      "@product": "WHR-300HP2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-600d",
      "@product": "WHR-600D",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wmr-300",
      "@product": "WMR-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wsr-600dhp",
      "@product": "WSR-600DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000085",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50447904/index.html",
      "@id": "JVN#50447904",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple Buffalo wireless LAN routers vulnerable to OS command injection"
}