gsd-2022-43443
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, and WCR-1166DS firmware Ver. 1.34 and earlier allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2022-43443",
    "id": "GSD-2022-43443"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43443"
      ],
      "details": "Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, and WCR-1166DS firmware Ver. 1.34 and earlier allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.",
      "id": "GSD-2022-43443",
      "modified": "2023-12-13T01:19:31.560037Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2022-43443",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WXR-11000XE12",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.10 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WXR-5700AX7S",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.27 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WXR-5700AX7B",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.27 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-3200AX4S",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.26 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-3200AX4B",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.25"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.08 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHP2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.22 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-A2533DHP2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.22 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHP3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.26 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-A2533DHP3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.26 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.08 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPL2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.03 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPLS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.07 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPLB",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.05"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-1166DHP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.16 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-1166DHP2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.17 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WCR-1166DS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.34 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "BUFFALO INC."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OS command injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.buffalo.jp/news/detail/20240131-01.html",
            "refsource": "MISC",
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          },
          {
            "name": "https://jvn.jp/en/vu/JVNVU97099584/",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/vu/JVNVU97099584/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07164878-06B0-49DB-88D9-C149D72E67C4",
                    "versionEndIncluding": "1.26",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AE5277EC-9BD1-40C3-B1B9-C67A1C45645C",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
                    "matchCriteriaId": "30621C77-BB74-4862-A145-02113D009BF7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6BC6F897-46FE-4629-80EC-2740FBA080FF",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0A8060FF-BC01-493F-8C6A-367B6532CED1",
                    "versionEndIncluding": "1.22",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "08F476D3-8329-44B1-A2B0-B2AEB500863F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9EA7A67F-30F3-422E-9070-A2EA6353457E",
                    "versionEndIncluding": "1.22",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9BF474D3-21B8-47D5-BC18-443295C51638",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C1259443-53C8-4787-B427-81FD177E68A1",
                    "versionEndIncluding": "1.26",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AE0A99BA-2724-4F68-94F7-8825A0588E6F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "70BDFC2C-E148-4485-B2E6-33CA2276F751",
                    "versionEndIncluding": "1.26",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B82FF3D2-7ACF-4121-AF92-4A0714EB0C7F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "093EA797-1F83-4FAA-935E-31F8C9986857",
                    "versionEndIncluding": "1.03",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "31E5BEB1-FCA6-49E9-A244-7AE3DDF83373",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "387619C1-3F85-43DC-A4B1-FF24E2AD8382",
                    "versionEndIncluding": "1.07",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "310ACFB8-13EE-4A72-A9A0-3BFDAFF1ED1A",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "366FE02C-D030-4D36-B9C4-167A58D38174",
                    "versionEndIncluding": "1.08",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1574DB7C-A19C-45B5-AD37-4C0AFE8CC798",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "14367351-45B7-460E-80C2-D72609245466",
                    "versionEndIncluding": "1.08",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C23EE312-9ADE-4B0B-B7ED-F61AC441E5DB",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EE85F7D6-76DB-47C6-BB61-1572B53E8D48",
                    "versionEndIncluding": "1.34",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F5537A90-A060-4CB4-8912-D7994AE75196",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page."
          },
          {
            "lang": "es",
            "value": "Dispositivos de red Buffalo WSR-3200AX4S firmware Ver. 1.26 y anteriores, versi\u00f3n del firmware WSR-3200AX4B. 1.25, versi\u00f3n del firmware WSR-2533DHP. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-A2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-A2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-2533DHPL. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHPL2. 1.03 y anteriores, versi\u00f3n del firmware WSR-2533DHPLS. 1.07 y anteriores, y la versi\u00f3n del firmware WCR-1166DS. 1.34 y anteriores permiten a un atacante adyacente a la red ejecutar un comando arbitrario del sistema operativo si se env\u00eda una solicitud especialmente manipulada a la p\u00e1gina de administraci\u00f3n."
          }
        ],
        "id": "CVE-2022-43443",
        "lastModified": "2024-02-14T07:15:08.110",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-12-19T03:15:10.517",
        "references": [
          {
            "source": "vultures@jpcert.or.jp",
            "url": "https://jvn.jp/en/vu/JVNVU97099584/"
          },
          {
            "source": "vultures@jpcert.or.jp",
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          }
        ],
        "sourceIdentifier": "vultures@jpcert.or.jp",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-78"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.