Search criteria
2 vulnerabilities found for wex-1800ax4ea by buffalo
VAR-202212-0950
Vulnerability from variot - Updated: 2024-02-15 22:56OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-0950",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wsr-3200ax4s",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.26"
},
{
"model": "wsr-a2533dhp2",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.22"
},
{
"model": "wsr-2533dhpls",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.07"
},
{
"model": "wsr-2533dhp3",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.26"
},
{
"model": "wsr-a2533dhp3",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.26"
},
{
"model": "wex-1800ax4",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.13"
},
{
"model": "wex-1800ax4ea",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.13"
},
{
"model": "wsr-2533dhpl2",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.03"
},
{
"model": "wsr-2533dhp2",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.22"
},
{
"model": "wsr-3200ax4b",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.25"
},
{
"model": "wsr-2533dhpl2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhplb",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhpl",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wxr-5700ax7b",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-a2533dhp2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhpls",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-3200ax4b",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wcr-1166ds",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wex-1800ax4ea",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhp3",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wex-1800ax4",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wxr-5700ax7s",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-3200ax4s",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-a2533dhp3",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-1166dhp2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wxr-11000xe12",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhp2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"cve": "CVE-2022-43466",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-002775",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-43466",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002775",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-2830",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2830"
},
{
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43466"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "VULMON",
"id": "CVE-2022-43466"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU97099584",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2022-43466",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2830",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-43466",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-43466"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2830"
},
{
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"id": "VAR-202212-0950",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7416666666666667
},
"last_update_date": "2024-02-15T22:56:53.081000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Buffalo Co., Ltd. \u00a0 announcement page",
"trust": 0.8,
"url": "https://www.buffalo.jp/news/detail/20221205-01.html"
},
{
"title": "Buffalo network devices Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=219179"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2830"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://jvn.jp/en/vu/jvnvu97099584/"
},
{
"trust": 1.0,
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97099584/index.html"
},
{
"trust": 0.7,
"url": "https://jvn.jp/en/vu/jvnvu97099584/index.html"
},
{
"trust": 0.7,
"url": "https://www.buffalo.jp/news/detail/20221205-01.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002775.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-43466/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-43466"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2830"
},
{
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-43466"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2830"
},
{
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-43466"
},
{
"date": "2022-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"date": "2022-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2830"
},
{
"date": "2022-12-19T03:15:10.577000",
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-43466"
},
{
"date": "2024-02-14T06:39:00",
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"date": "2022-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2830"
},
{
"date": "2024-02-14T07:15:08.567000",
"db": "NVD",
"id": "CVE-2022-43466"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2830"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Buffalo network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2830"
}
],
"trust": 0.6
}
}
VAR-202212-0948
Vulnerability from variot - Updated: 2024-02-15 22:56Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. * OS Command injection (CWE-78) - CVE-2022-43466 It was * OS Command injection (CWE-78) - CVE-2022-43443 It was * Issue with enabling undocumented debugging features (CWE-912) - CVE-2022-43486 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party who can log into the management screen of the device may CGI When a specially crafted request is sent to a program, arbitrary commands are executed when a specific management screen is opened. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WCR-1166DS firmware Ver. 1.34 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-0948",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wsr-3200ax4s",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.26"
},
{
"model": "wsr-a2533dhp2",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.22"
},
{
"model": "wsr-2533dhpls",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.07"
},
{
"model": "wsr-2533dhp3",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.26"
},
{
"model": "wsr-2533dhpl",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.08"
},
{
"model": "wsr-a2533dhp3",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.26"
},
{
"model": "wex-1800ax4",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.13"
},
{
"model": "wsr-2533dhp",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.08"
},
{
"model": "wex-1800ax4ea",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.13"
},
{
"model": "wsr-2533dhpl2",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.03"
},
{
"model": "wcr-1166ds",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.34"
},
{
"model": "wsr-2533dhp2",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.22"
},
{
"model": "wsr-3200ax4b",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.25"
},
{
"model": "wsr-2533dhpl2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhplb",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhpl",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wxr-5700ax7b",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-a2533dhp2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhpls",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-3200ax4b",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wcr-1166ds",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wex-1800ax4ea",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhp3",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wex-1800ax4",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wxr-5700ax7s",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-3200ax4s",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-a2533dhp3",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-1166dhp2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wxr-11000xe12",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-2533dhp2",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.22",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"cve": "CVE-2022-43486",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002775",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-43486",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002775",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-2828",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2828"
},
{
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. * OS Command injection (CWE-78) - CVE-2022-43466 It was * OS Command injection (CWE-78) - CVE-2022-43443 It was * Issue with enabling undocumented debugging features (CWE-912) - CVE-2022-43486 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party who can log into the management screen of the device may CGI When a specially crafted request is sent to a program, arbitrary commands are executed when a specific management screen is opened. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WCR-1166DS firmware Ver. 1.34 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43486"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "VULMON",
"id": "CVE-2022-43486"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU97099584",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2022-43486",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2828",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-43486",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-43486"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2828"
},
{
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"id": "VAR-202212-0948",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7416666666666667
},
"last_update_date": "2024-02-15T22:56:53.056000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Buffalo Co., Ltd. \u00a0 announcement page",
"trust": 0.8,
"url": "https://www.buffalo.jp/news/detail/20221205-01.html"
},
{
"title": "Buffalo network devices Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=218326"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://jvn.jp/en/vu/jvnvu97099584/"
},
{
"trust": 1.0,
"url": "https://www.buffalo.jp/news/detail/20240131-01.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97099584/index.html"
},
{
"trust": 0.7,
"url": "https://jvn.jp/en/vu/jvnvu97099584/index.html"
},
{
"trust": 0.7,
"url": "https://www.buffalo.jp/news/detail/20221205-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-43486/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002775.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-43486"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2828"
},
{
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-43486"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2828"
},
{
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-43486"
},
{
"date": "2022-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"date": "2022-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2828"
},
{
"date": "2022-12-19T03:15:10.633000",
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-43486"
},
{
"date": "2024-02-14T06:39:00",
"db": "JVNDB",
"id": "JVNDB-2022-002775"
},
{
"date": "2022-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2828"
},
{
"date": "2024-02-14T07:15:09.107000",
"db": "NVD",
"id": "CVE-2022-43486"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2828"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Buffalo network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002775"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2828"
}
],
"trust": 0.6
}
}