Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-39044
HistoryDec 07, 2022 - 10:15 a.m.

CVE-2022-39044

2022-12-0710:15:11
[email protected]
web.nvd.nist.gov
33
cve-2022-39044
buffalo
network devices
vulnerability
arbitrary command execution
security advisory.

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier.

Affected configurations

NVD
Node
buffalowcr-300_firmwareRange1.87
AND
buffalowcr-300Match-
Node
buffalowhr-hp-g300n_firmwareRange2.00
AND
buffalowhr-hp-g300nMatch-
Node
buffalowhr-hp-gn_firmwareRange1.87
AND
buffalowhr-hp-gnMatch-
Node
buffalowpl-05g300_firmwareRange1.88
AND
buffalowpl-05g300Match-
Node
buffalowzr-300hp_firmwareRange2.00
AND
buffalowzr-300hpMatch-
Node
buffalowzr-450hp_firmwareRange2.00
AND
buffalowzr-450hpMatch-
Node
buffalowzr-600dhp_firmwareRange2.00
AND
buffalowzr-600dhpMatch-
Node
buffalowzr-900dhp_firmwareRange1.15
AND
buffalowzr-900dhpMatch-
Node
buffalowzr-hp-ag300h_firmwareRange1.76
AND
buffalowzr-hp-ag300hMatch-
Node
buffalowzr-hp-g302h_firmwareRange1.86
AND
buffalowzr-hp-g302hMatch-
Node
buffalowlae-ag300n_firmwareRange1.86
AND
buffalowlae-ag300nMatch-
Node
buffalofs-600dhp_firmwareRange3.40
AND
buffalofs-600dhpMatch-
Node
buffalofs-g300n_firmwareRange3.14
AND
buffalofs-g300nMatch-
Node
buffalofs-hp-g300n_firmwareRange3.33
AND
buffalofs-hp-g300nMatch-
Node
buffalofs-r600dhp_firmwareRange3.40
AND
buffalofs-r600dhpMatch-
Node
buffalobhr-4grv_firmwareRange2.00
AND
buffalobhr-4grvMatch-
Node
buffalodwr-hp-g300nh_firmwareRange1.84
AND
buffalodwr-hp-g300nhMatch-
Node
buffalodwr-pg_firmwareRange1.83
AND
buffalodwr-pgMatch-
Node
buffalohw-450hp-zwe_firmwareRange2.00
AND
buffalohw-450hp-zweMatch-
Node
buffalower-a54g54_firmwareRange1.43
AND
buffalower-a54g54Match-
Node
buffalower-ag54_firmwareRange1.43
AND
buffalower-ag54Match-
Node
buffalower-am54g54_firmwareRange1.43
AND
buffalower-am54g54Match-
Node
buffalower-amg54_firmwareRange1.43
AND
buffalower-amg54Match-
Node
buffalowhr-300_firmwareRange2.00
AND
buffalowhr-300Match-
Node
buffalowhr-300hp_firmwareRange2.00
AND
buffalowhr-300hpMatch-
Node
buffalowhr-am54g54_firmwareRange1.43
AND
buffalowhr-am54g54Match-
Node
buffalowhr-amg54_firmwareRange1.43
AND
buffalowhr-amg54Match-
Node
buffalowhr-ampg_firmwareRange1.52
AND
buffalowhr-ampgMatch-
Node
buffalowhr-g_firmwareRange1.49
AND
buffalowhr-gMatch-
Node
buffalowhr-g300n_firmwareRange1.65
AND
buffalowhr-g300nMatch-
Node
buffalowhr-g301n_firmwareRange1.87
AND
buffalowhr-g301nMatch-
Node
buffalowhr-g54s_firmwareRange1.43
AND
buffalowhr-g54sMatch-
Node
buffalowhr-g54s-ni_firmwareRange1.24
AND
buffalowhr-g54s-niMatch-
Node
buffalowhr-hp-ampg_firmwareRange1.49
AND
buffalowhr-hp-ampgMatch-
Node
buffalowhr-hp-g_firmwareRange1.49
AND
buffalowhr-hp-gMatch-
Node
buffalowhr-hp-g54_firmwareRange1.43
AND
buffalowhr-hp-g54Match-
Node
buffalowli-h4-d600_firmwareRange1.88
AND
buffalowli-h4-d600Match-
Node
buffalowli-tx4-ag300n_firmwareRange1.53
AND
buffalowli-tx4-ag300nMatch-
Node
buffalows024bf_firmwareRange1.60
AND
buffalows024bfMatch-
Node
buffalows024bf-nw_firmwareRange1.60
AND
buffalows024bf-nwMatch-
Node
buffalowzr2-g108_firmwareRange1.33
AND
buffalowzr2-g108Match-
Node
buffalowzr2-g300n_firmwareRange1.55
AND
buffalowzr2-g300nMatch-
Node
buffalowzr-450hp-cwt_firmwareRange2.00
AND
buffalowzr-450hp-cwtMatch-
Node
buffalowzr-450hp-ub_firmwareRange2.00
AND
buffalowzr-450hp-ubMatch-
Node
buffalowzr-600dhp2_firmwareRange1.15
AND
buffalowzr-600dhp2Match-
Node
buffalowzr-agl300nh_firmwareRange1.55
AND
buffalowzr-agl300nhMatch-
Node
buffalowzr-ampg144nh_firmwareRange1.49
AND
buffalowzr-ampg144nhMatch-
Node
buffalowzr-ampg300nh_firmwareRange1.51
AND
buffalowzr-ampg300nhMatch-
Node
buffalowzr-d1100h_firmwareRange2.00
AND
buffalowzr-d1100hMatch-
Node
buffalowzr-g144n_firmwareRange1.48
AND
buffalowzr-g144nMatch-
Node
buffalowzr-g144nh_firmwareRange1.48
AND
buffalowzr-g144nhMatch-
Node
buffalowzr-hp-g300nh_firmwareRange1.84
AND
buffalowzr-hp-g300nhMatch-
Node
buffalowzr-hp-g301nh_firmwareRange1.84
AND
buffalowzr-hp-g301nhMatch-
Node
buffalowzr-hp-g450h_firmwareRange1.90
AND
buffalowzr-hp-g450hMatch-

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "Buffalo network devices",
    "versions": [
      {
        "version": "A wide range of products is affected.  For the specific products/versions information, see the URLs  provided by the vendor and JVN which are listed in [Reference] section.",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
prion
prion
Denial of service
2022-12-07 10:15:00
cvelist
cvelist
CVE-2022-39044
2022-12-07 00:00:00
nvd
nvd
CVE-2022-39044
2022-12-07 10:15:11

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CVE-2022-39044
prion1cvelist1nvd1