CVE-2024-26023

Description

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

CVSS breakdown

Affected products

• BUFFALO INC. / WCR-1166DSfirmware Ver. 1.32 and earlier – firmware Ver. 1.32 and earlier
• BUFFALO INC. / WSR-1166DHPfirmware Ver. 1.14 and earlier – firmware Ver. 1.14 and earlier
• BUFFALO INC. / WSR-1166DHP2firmware Ver. 1.14 and earlier – firmware Ver. 1.14 and earlier
• BUFFALO INC. / WSR-2533DHPfirmware Ver. 1.06 and earlier – firmware Ver. 1.06 and earlier
• BUFFALO INC. / WSR-2533DHP2firmware Ver. 1.10 and earlier – firmware Ver. 1.10 and earlier
• BUFFALO INC. / WSR-2533DHPLfirmware Ver. 1.06 and earlier – firmware Ver. 1.06 and earlier
• BUFFALO INC. / WSR-A2533DHP2firmware Ver. 1.10 and earlier – firmware Ver. 1.10 and earlier

References

• MISChttps://www.buffalo.jp/news/detail/20240410-01.html
• MISChttps://jvn.jp/en/jp/JVN58236836/