CVE-2024-44072 (GCVE-0-2024-44072)
Vulnerability from cvelistv5
Published
2024-09-10 06:56
Modified
2024-09-10 19:58
Severity ?
EPSS score ?
Summary
OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | BUFFALO INC. | WHR-1166DHP2 |
Version: Ver. 2.95 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:buffalo_inc:whr_1166dhp2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "whr_1166dhp2", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.95", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:whr_1166dhp3:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "whr_1166dhp3", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.95", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:whr_1166dhp4:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "whr_1166dhp4", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.95", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wsr_1166dhp3:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsr_1166dhp3", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.18", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wsr_600dhp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsr_600dhp", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.93", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_300hptxn:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_300hptxn", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.02", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_733dhp2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_733dhp2", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.03", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_1166dhp2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_1166dhp2", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.05", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_1166dhps:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_1166dhps", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.05", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_300hpsn:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_300hpsn", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.02", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_733dhps:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_733dhps", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.02", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_733hptx:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_733hptx", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.03", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_1166dhp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_1166dhp", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.23", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wex_733dhp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wex_733dhp", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "1.64", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:whr_1166dhp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "whr_1166dhp", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.92", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:whr_300hp2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "whr_300hp2", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.51", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:whr_600d:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "whr_600d", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.91", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:buffalo_inc:wmr_300:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wmr_300", vendor: "buffalo_inc", versions: [ { lessThanOrEqual: "2.50", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44072", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:57:48.477370Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T19:58:39.140Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "WHR-1166DHP2", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.95 and earlier", }, ], }, { product: "WHR-1166DHP3", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.95 and earlier", }, ], }, { product: "WHR-1166DHP4", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.95 and earlier", }, ], }, { product: "WSR-1166DHP3", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.18 and earlier", }, ], }, { product: "WSR-600DHP", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.93 and earlier", }, ], }, { product: "WEX-300HPTX/N", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.02 and earlier", }, ], }, { product: "WEX-733DHP2", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.03 and earlier", }, ], }, { product: "WEX-1166DHP2", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.05 and earlier", }, ], }, { product: "WEX-1166DHPS", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.05 and earlier", }, ], }, { product: "WEX-300HPS/N", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.02 and earlier", }, ], }, { product: "WEX-733DHPS", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.02 and earlier", }, ], }, { product: "WEX-733DHPTX", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.03 and earlier", }, ], }, { product: "WEX-1166DHP", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.23 and earlier", }, ], }, { product: "WEX-733DHP", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 1.64 and earlier", }, ], }, { product: "WHR-1166DHP", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.92 and earlier", }, ], }, { product: "WHR-300HP2", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.51 and earlier", }, ], }, { product: "WHR-600D", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.91 and earlier", }, ], }, { product: "WMR-300", vendor: "BUFFALO INC.", versions: [ { status: "affected", version: "Ver. 2.50 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.", }, ], problemTypes: [ { descriptions: [ { description: "OS command injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T06:56:44.182Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.buffalo.jp/news/detail/20240719-01.html", }, { url: "https://jvn.jp/en/jp/JVN12824024/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2024-44072", datePublished: "2024-09-10T06:56:44.182Z", dateReserved: "2024-08-19T02:08:40.600Z", dateUpdated: "2024-09-10T19:58:39.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { descriptions: "[{\"lang\": \"en\", \"value\": \"OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de inyecci\\u00f3n de comandos del sistema operativo en los enrutadores y repetidores de LAN inal\\u00e1mbrica de BUFFALO. Si un usuario inicia sesi\\u00f3n en la p\\u00e1gina de administraci\\u00f3n y env\\u00eda una solicitud especialmente manipulada al producto afectado desde la p\\u00e1gina de administraci\\u00f3n espec\\u00edfica del producto, se puede ejecutar un comando arbitrario del sistema operativo.\"}]", id: "CVE-2024-44072", lastModified: "2024-09-10T20:35:09.990", metrics: "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 4.7}]}", published: "2024-09-10T07:15:01.963", references: "[{\"url\": \"https://jvn.jp/en/jp/JVN12824024/\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://www.buffalo.jp/news/detail/20240719-01.html\", \"source\": \"vultures@jpcert.or.jp\"}]", sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Awaiting Analysis", weaknesses: "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-44072\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-09-10T07:15:01.963\",\"lastModified\":\"2024-09-10T20:35:09.990\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de inyección de comandos del sistema operativo en los enrutadores y repetidores de LAN inalámbrica de BUFFALO. Si un usuario inicia sesión en la página de administración y envía una solicitud especialmente manipulada al producto afectado desde la página de administración específica del producto, se puede ejecutar un comando arbitrario del sistema operativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.9,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN12824024/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.buffalo.jp/news/detail/20240719-01.html\",\"source\":\"vultures@jpcert.or.jp\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-44072\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T18:57:48.477370Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:buffalo_inc:whr_1166dhp2:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"whr_1166dhp2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.95\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:whr_1166dhp3:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"whr_1166dhp3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.95\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:whr_1166dhp4:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"whr_1166dhp4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.95\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wsr_1166dhp3:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wsr_1166dhp3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.18\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wsr_600dhp:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wsr_600dhp\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.93\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_300hptxn:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_300hptxn\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.02\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_733dhp2:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_733dhp2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.03\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_1166dhp2:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_1166dhp2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.05\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_1166dhps:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_1166dhps\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.05\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_300hpsn:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_300hpsn\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.02\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_733dhps:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_733dhps\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.02\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_733hptx:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_733hptx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.03\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_1166dhp:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_1166dhp\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.23\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wex_733dhp:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wex_733dhp\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.64\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:whr_1166dhp:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"whr_1166dhp\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.92\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:whr_300hp2:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"whr_300hp2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.51\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:whr_600d:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"whr_600d\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.91\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:buffalo_inc:wmr_300:*:*:*:*:*:*:*:*\"], \"vendor\": \"buffalo_inc\", \"product\": \"wmr_300\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.50\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T19:02:33.417Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"BUFFALO INC.\", \"product\": \"WHR-1166DHP2\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.95 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WHR-1166DHP3\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.95 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WHR-1166DHP4\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.95 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-1166DHP3\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.18 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-600DHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.93 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-300HPTX/N\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.02 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-733DHP2\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.03 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-1166DHP2\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.05 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-1166DHPS\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.05 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-300HPS/N\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.02 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-733DHPS\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.02 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-733DHPTX\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.03 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-1166DHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.23 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-733DHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 1.64 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WHR-1166DHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.92 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WHR-300HP2\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.51 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WHR-600D\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.91 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WMR-300\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver. 2.50 and earlier\"}]}], \"references\": [{\"url\": \"https://www.buffalo.jp/news/detail/20240719-01.html\"}, {\"url\": \"https://jvn.jp/en/jp/JVN12824024/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"OS command injection\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-09-10T06:56:44.182Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-44072\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-10T19:58:39.140Z\", \"dateReserved\": \"2024-08-19T02:08:40.600Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-09-10T06:56:44.182Z\", \"assignerShortName\": \"jpcert\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.