CVE-2022-43466

Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
References
Link Resource
https://jvn.jp/en/vu/JVNVU97099584/index.html Third Party Advisory VDB Entry
https://www.buffalo.jp/news/detail/20221205-01.html Patch Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*

Information

Published : 2022-12-18 19:15

Updated : 2022-12-27 09:47


NVD link : CVE-2022-43466

Mitre link : CVE-2022-43466


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

buffalo

  • wsr-3200ax4b
  • wsr-2533dhpl2
  • wsr-a2533dhp2_firmware
  • wsr-2533dhp3_firmware
  • wsr-3200ax4s
  • wsr-a2533dhp2
  • wsr-2533dhp3
  • wsr-2533dhp2_firmware
  • wsr-a2533dhp3_firmware
  • wsr-2533dhpls_firmware
  • wex-1800ax4_firmware
  • wsr-2533dhp2
  • wsr-2533dhpls
  • wex-1800ax4ea_firmware
  • wsr-a2533dhp3
  • wex-1800ax4ea
  • wex-1800ax4
  • wsr-3200ax4b_firmware
  • wsr-3200ax4s_firmware
  • wsr-2533dhpl2_firmware