All the vulnerabilites related to BUFFALO INC. - WEX-300
jvndb-2015-000085
Vulnerability from jvndb
Published
2015-06-05 14:16
Modified
2015-06-10 17:54
Severity ?
() - -
Summary
Multiple Buffalo wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "dc:date": "2015-06-10T17:54+09:00",
  "dcterms:issued": "2015-06-05T14:16+09:00",
  "dcterms:modified": "2015-06-10T17:54+09:00",
  "description": "Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai, Satoshi Ogawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:buffalo_inc:bhr-4grv2",
      "@product": "BHR-4GRV2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wex-300",
      "@product": "WEX-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-1166dhp",
      "@product": "WHR-1166DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-300hp2",
      "@product": "WHR-300HP2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-600d",
      "@product": "WHR-600D",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wmr-300",
      "@product": "WMR-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wsr-600dhp",
      "@product": "WSR-600DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000085",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50447904/index.html",
      "@id": "JVN#50447904",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple Buffalo wireless LAN routers vulnerable to OS command injection"
}