Description
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- BUFFALO INC. / WCR-1166DSfirmware Ver. 1.34 and earlier – firmware Ver. 1.34 and earlier
- BUFFALO INC. / WEX-1800AX4firmware Ver. 1.13 and earlier – firmware Ver. 1.13 and earlier
- BUFFALO INC. / WEX-1800AX4EAfirmware Ver. 1.13 and earlier – firmware Ver. 1.13 and earlier
- BUFFALO INC. / WSR-2533DHPfirmware Ver. 1.08 and earlier – firmware Ver. 1.08 and earlier
- BUFFALO INC. / WSR-2533DHP2firmware Ver. 1.22 and earlier – firmware Ver. 1.22 and earlier
- BUFFALO INC. / WSR-2533DHP3firmware Ver. 1.26 and earlier – firmware Ver. 1.26 and earlier
- BUFFALO INC. / WSR-2533DHPLfirmware Ver. 1.08 and earlier – firmware Ver. 1.08 and earlier
- BUFFALO INC. / WSR-2533DHPL2firmware Ver. 1.03 and earlier – firmware Ver. 1.03 and earlier
- BUFFALO INC. / WSR-2533DHPLBfirmware Ver. 1.05 – firmware Ver. 1.05
- BUFFALO INC. / WSR-2533DHPLSfirmware Ver. 1.07 and earlier – firmware Ver. 1.07 and earlier
- BUFFALO INC. / WSR-3200AX4Bfirmware Ver. 1.25 – firmware Ver. 1.25
- BUFFALO INC. / WSR-3200AX4Sfirmware Ver. 1.26 and earlier – firmware Ver. 1.26 and earlier
- BUFFALO INC. / WSR-A2533DHP2firmware Ver. 1.22 and earlier – firmware Ver. 1.22 and earlier
- BUFFALO INC. / WSR-A2533DHP3firmware Ver. 1.26 and earlier – firmware Ver. 1.26 and earlier
- BUFFALO INC. / WXR-5700AX7Bfirmware Ver. 1.27 and earlier – firmware Ver. 1.27 and earlier
- BUFFALO INC. / WXR-5700AX7Sfirmware Ver. 1.27 and earlier – firmware Ver. 1.27 and earlier