Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-40966
HistoryDec 07, 2022 - 10:15 a.m.

CVE-2022-40966

2022-12-0710:15:11
CWE-287
[email protected]
web.nvd.nist.gov
29
cve-2022-40966
authentication bypass
buffalo
network devices
vulnerability
security
nvd

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier.

Affected configurations

NVD
Node
buffalowcr-300_firmwareRange1.87
AND
buffalowcr-300Match-
Node
buffalowhr-hp-g300n_firmwareRange2.00
AND
buffalowhr-hp-g300nMatch-
Node
buffalowhr-hp-gn_firmwareRange1.87
AND
buffalowhr-hp-gnMatch-
Node
buffalowpl-05g300_firmwareRange1.88
AND
buffalowpl-05g300Match-
Node
buffalowrm-d2133hp_firmwareRange2.85
AND
buffalowrm-d2133hpMatch-
Node
buffalowrm-d2133hs_firmwareRange2.96
AND
buffalowrm-d2133hsMatch-
Node
buffalowtr-m2133hp_firmwareRange2.85
AND
buffalowtr-m2133hpMatch-
Node
buffalowtr-m2133hs_firmwareRange2.96
AND
buffalowtr-m2133hsMatch-
Node
buffalowxr-1900dhp_firmwareRange2.50
AND
buffalowxr-1900dhpMatch-
Node
buffalowxr-1900dhp2_firmwareRange2.59
AND
buffalowxr-1900dhp2Match-
Node
buffalowxr-1900dhp3_firmwareRange2.63
AND
buffalowxr-1900dhp3Match-
Node
buffalowxr-5950ax12_firmwareRange3.40
AND
buffalowxr-5950ax12Match-
Node
buffalowxr-6000ax12b_firmwareRange3.40
AND
buffalowxr-6000ax12bMatch-
Node
buffalowxr-6000ax12s_firmwareRange3.40
AND
buffalowxr-6000ax12sMatch-
Node
buffalowzr-300hp_firmwareRange2.00
AND
buffalowzr-300hpMatch-
Node
buffalowzr-450hp_firmwareRange2.00
AND
buffalowzr-450hpMatch-
Node
buffalowzr-600dhp_firmwareRange2.00
AND
buffalowzr-600dhpMatch-
Node
buffalowzr-900dhp_firmwareRange1.15
AND
buffalowzr-900dhpMatch-
Node
buffalowzr-1750dhp2_firmwareRange2.31
AND
buffalowzr-1750dhp2Match-
Node
buffalowzr-hp-ag300h_firmwareRange1.76
AND
buffalowzr-hp-ag300hMatch-
Node
buffalowzr-hp-g302h_firmwareRange1.86
AND
buffalowzr-hp-g302hMatch-
Node
buffalowem-1266_firmwareRange2.85
AND
buffalowem-1266Match-
Node
buffalowem-1266wp_firmwareRange2.85
AND
buffalowem-1266wpMatch-
Node
buffalowlae-ag300n_firmwareRange1.86
AND
buffalowlae-ag300nMatch-
Node
buffalofs-600dhp_firmwareRange3.40
AND
buffalofs-600dhpMatch-
Node
buffalofs-g300n_firmwareRange3.14
AND
buffalofs-g300nMatch-
Node
buffalofs-hp-g300n_firmwareRange3.33
AND
buffalofs-hp-g300nMatch-
Node
buffalofs-r600dhp_firmwareRange3.40
AND
buffalofs-r600dhpMatch-
Node
buffalobhr-4grv_firmwareRange2.00
AND
buffalobhr-4grvMatch-
Node
buffalodwr-hp-g300nh_firmwareRange1.84
AND
buffalodwr-hp-g300nhMatch-
Node
buffalodwr-pg_firmwareRange1.83
AND
buffalodwr-pgMatch-
Node
buffalohw-450hp-zwe_firmwareRange2.00
AND
buffalohw-450hp-zweMatch-
Node
buffalower-a54g54_firmwareRange1.43
AND
buffalower-a54g54Match-
Node
buffalower-ag54_firmwareRange1.43
AND
buffalower-ag54Match-
Node
buffalower-am54g54_firmwareRange1.43
AND
buffalower-am54g54Match-
Node
buffalower-amg54_firmwareRange1.43
AND
buffalower-amg54Match-
Node
buffalowhr-300_firmwareRange2.00
AND
buffalowhr-300Match-
Node
buffalowhr-300hp_firmwareRange2.00
AND
buffalowhr-300hpMatch-
Node
buffalowhr-am54g54_firmwareRange1.43
AND
buffalowhr-am54g54Match-
Node
buffalowhr-amg54_firmwareRange1.43
AND
buffalowhr-amg54Match-
Node
buffalowhr-ampg_firmwareRange1.52
AND
buffalowhr-ampgMatch-
Node
buffalowhr-g_firmwareRange1.49
AND
buffalowhr-gMatch-
Node
buffalowhr-g300n_firmwareRange1.65
AND
buffalowhr-g300nMatch-
Node
buffalowhr-g301n_firmwareRange1.87
AND
buffalowhr-g301nMatch-
Node
buffalowhr-g54s_firmwareRange1.43
AND
buffalowhr-g54sMatch-
Node
buffalowhr-g54s-ni_firmwareRange1.24
AND
buffalowhr-g54s-niMatch-
Node
buffalowhr-hp-ampg_firmwareRange1.43
AND
buffalowhr-hp-ampgMatch-
Node
buffalowhr-hp-g_firmwareRange1.49
AND
buffalowhr-hp-gMatch-
Node
buffalowhr-hp-g54_firmwareRange1.43
AND
buffalowhr-hp-g54Match-
Node
buffalowli-h4-d600_firmwareRange1.88
AND
buffalowli-h4-d600Match-
Node
buffalows024bf_firmwareRange1.60
AND
buffalows024bfMatch-
Node
buffalows024bf-nw_firmwareRange1.60
AND
buffalows024bf-nwMatch-
Node
buffalowxr-1750dhp_firmwareRange2.60
AND
buffalowxr-1750dhpMatch-
Node
buffalowxr-1750dhp2_firmwareRange2.60
AND
buffalowxr-1750dhp2Match-
Node
buffalowzr-1166dhp_firmwareRange2.18
AND
buffalowzr-1166dhpMatch-
Node
buffalowzr-1166dhp2_firmwareRange2.18
AND
buffalowzr-1166dhp2Match-
Node
buffalowzr-1750dhp_firmwareRange2.30
AND
buffalowzr-1750dhpMatch-
Node
buffalowzr2-g300n_firmwareRange1.55
AND
buffalowzr2-g300nMatch-
Node
buffalowzr-450hp-cwt_firmwareRange2.00
AND
buffalowzr-450hp-cwtMatch-
Node
buffalowzr-450hp-ub_firmwareRange2.00
AND
buffalowzr-450hp-ubMatch-
Node
buffalowzr-600dhp2_firmwareRange1.15
AND
buffalowzr-600dhp2Match-
Node
buffalowzr-600dhp3_firmwareRange2.19
AND
buffalowzr-600dhp3Match-
Node
buffalowzr-900dhp2_firmwareRange2.19
AND
buffalowzr-900dhp2Match-
Node
buffalowzr-agl300nh_firmwareRange1.55
AND
buffalowzr-agl300nhMatch-
Node
buffalowzr-ampg144nh_firmwareRange1.49
AND
buffalowzr-ampg144nhMatch-
Node
buffalowzr-ampg300nh_firmwareRange1.51
AND
buffalowzr-ampg300nhMatch-
Node
buffalowzr-d1100h_firmwareRange2.00
AND
buffalowzr-d1100hMatch-
Node
buffalowzr-g144n_firmwareRange1.48
AND
buffalowzr-g144nMatch-
Node
buffalowzr-g144nh_firmwareRange1.48
AND
buffalowzr-g144nhMatch-
Node
buffalowzr-hp-g300nh_firmwareRange1.84
AND
buffalowzr-hp-g300nhMatch-
Node
buffalowzr-hp-g301nh_firmwareRange1.84
AND
buffalowzr-hp-g301nhMatch-
Node
buffalowzr-hp-g450h_firmwareRange1.90
AND
buffalowzr-hp-g450hMatch-
Node
buffalowzr-s1750dhp_firmwareRange2.32
AND
buffalowzr-s1750dhpMatch-
Node
buffalowzr-s600dhp_firmwareRange2.19
AND
buffalowzr-s600dhpMatch-
Node
buffalowzr-s900dhp_firmwareRange2.19
AND
buffalowzr-s900dhpMatch-

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "Buffalo network devices",
    "versions": [
      {
        "version": "A wide range of products is affected.  For the specific products/versions information, see the URLs  provided by the vendor and JVN which are listed in [Reference] section.",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
prion
prion
Authentication flaw
2022-12-07 10:15:00
cvelist
cvelist
CVE-2022-40966
2022-12-07 00:00:00
nvd
nvd
CVE-2022-40966
2022-12-07 10:15:11

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON
Related for CVE-2022-40966
prion1cvelist1nvd1