Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability found for WEX-300 by BUFFALO INC.

JVNDB-2015-000085

Vulnerability from jvndb - Published: 2015-06-05 14:16 - Updated:2015-06-10 17:54

Severity ?

() - -

Summary

Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Details

Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN50447904/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9284
	NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9284
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	BUFFALO INC.	BHR-4GRV2
	BUFFALO INC.	WEX-300
	BUFFALO INC.	WHR-1166DHP
	BUFFALO INC.	WHR-300HP2
	BUFFALO INC.	WHR-600D
	BUFFALO INC.	WMR-300
	BUFFALO INC.	WSR-600DHP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "dc:date": "2015-06-10T17:54+09:00",
  "dcterms:issued": "2015-06-05T14:16+09:00",
  "dcterms:modified": "2015-06-10T17:54+09:00",
  "description": "Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai, Satoshi Ogawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:buffalo_inc:bhr-4grv2",
      "@product": "BHR-4GRV2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wex-300",
      "@product": "WEX-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-1166dhp",
      "@product": "WHR-1166DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-300hp2",
      "@product": "WHR-300HP2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-600d",
      "@product": "WHR-600D",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wmr-300",
      "@product": "WMR-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wsr-600dhp",
      "@product": "WSR-600DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000085",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50447904/index.html",
      "@id": "JVN#50447904",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple Buffalo wireless LAN routers vulnerable to OS command injection"
}