Description
An OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
CVSS breakdown
CVSS 3.1
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- BUFFALO INC. / WCR-1166DS – firmware Ver. 1.34 and earlier
- BUFFALO INC. / WSR-1166DHP – firmware Ver. 1.16 and earlier
- BUFFALO INC. / WSR-1166DHP2 – firmware Ver. 1.17 and earlier
- BUFFALO INC. / WSR-2533DHP – firmware Ver. 1.08 and earlier
- BUFFALO INC. / WSR-2533DHP2 – firmware Ver. 1.22 and earlier
- BUFFALO INC. / WSR-2533DHP3 – firmware Ver. 1.26 and earlier
- BUFFALO INC. / WSR-2533DHPL – firmware Ver. 1.08 and earlier
- BUFFALO INC. / WSR-2533DHPL2 – firmware Ver. 1.03 and earlier
- BUFFALO INC. / WSR-2533DHPLB – firmware Ver. 1.05
- BUFFALO INC. / WSR-2533DHPLS – firmware Ver. 1.07 and earlier
- BUFFALO INC. / WSR-3200AX4B – firmware Ver. 1.25
- BUFFALO INC. / WSR-3200AX4S – firmware Ver. 1.26 and earlier
- BUFFALO INC. / WSR-A2533DHP2 – firmware Ver. 1.22 and earlier
- BUFFALO INC. / WSR-A2533DHP3 – firmware Ver. 1.26 and earlier
- BUFFALO INC. / WXR-11000XE12 – firmware Ver. 1.10 and earlier
- BUFFALO INC. / WXR-5700AX7B – firmware Ver. 1.27 and earlier
- BUFFALO INC. / WXR-5700AX7S – firmware Ver. 1.27 and earlier