Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to BUFFALO INC. - WEX-300

jvndb-2015-000085

Vulnerability from jvndb

Published

2015-06-05 14:16

Modified

2015-06-10 17:54

Severity ?

() - -

Summary

Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Details

Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN50447904/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9284
	NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9284
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	BUFFALO INC.	BHR-4GRV2
	BUFFALO INC.	WEX-300
	BUFFALO INC.	WHR-1166DHP
	BUFFALO INC.	WHR-300HP2
	BUFFALO INC.	WHR-600D
	BUFFALO INC.	WMR-300
	BUFFALO INC.	WSR-600DHP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "dc:date": "2015-06-10T17:54+09:00",
  "dcterms:issued": "2015-06-05T14:16+09:00",
  "dcterms:modified": "2015-06-10T17:54+09:00",
  "description": "Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai, Satoshi Ogawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000085.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:buffalo_inc:bhr-4grv2",
      "@product": "BHR-4GRV2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wex-300",
      "@product": "WEX-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-1166dhp",
      "@product": "WHR-1166DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-300hp2",
      "@product": "WHR-300HP2",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:whr-600d",
      "@product": "WHR-600D",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wmr-300",
      "@product": "WMR-300",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:buffalo_inc:wsr-600dhp",
      "@product": "WSR-600DHP",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000085",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50447904/index.html",
      "@id": "JVN#50447904",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9284",
      "@id": "CVE-2014-9284",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple Buffalo wireless LAN routers vulnerable to OS command injection"
}