Lucene search

[email protected]CVE-2024-26023

HistoryApr 15, 2024 - 11:15 a.m.

CVE-2024-26023

2024-04-1511:15:08

[email protected]

web.nvd.nist.gov

cve-2024-26023

os command injection

buffalo

wireless lan routers

logged-in user

execute

arbitrary os commands

nvd

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

Affected configurations

Vulners

Node

buffalowcr-1166dsMatch1.32

buffalowzr-1166dhpMatch1.14

buffalowzr-1166dhp2Match1.14

buffalowsr-2533dhpMatch1.06

buffalowsr-2533dhplMatch1.06

buffalowsr-2533dhp2Match1.10

buffalowsr-a2533dhp2Match1.10

VendorProductVersionCPE
buffalowcr\-1166ds1.32cpe:2.3:h:buffalo:wcr\-1166ds:1.32:*:*:*:*:*:*:*
buffalowzr\-1166dhp1.14cpe:2.3:h:buffalo:wzr\-1166dhp:1.14:*:*:*:*:*:*:*
buffalowzr\-1166dhp21.14cpe:2.3:h:buffalo:wzr\-1166dhp2:1.14:*:*:*:*:*:*:*
buffalowsr\-2533dhp1.06cpe:2.3:h:buffalo:wsr\-2533dhp:1.06:*:*:*:*:*:*:*
buffalowsr\-2533dhpl1.06cpe:2.3:h:buffalo:wsr\-2533dhpl:1.06:*:*:*:*:*:*:*
buffalowsr\-2533dhp21.10cpe:2.3:h:buffalo:wsr\-2533dhp2:1.10:*:*:*:*:*:*:*
buffalowsr\-a2533dhp21.10cpe:2.3:h:buffalo:wsr\-a2533dhp2:1.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
buffalo	wcr\-1166ds	1.32	cpe:2.3:h:buffalo:wcr\-1166ds:1.32:::::::*
buffalo	wzr\-1166dhp	1.14	cpe:2.3:h:buffalo:wzr\-1166dhp:1.14:::::::*
buffalo	wzr\-1166dhp2	1.14	cpe:2.3:h:buffalo:wzr\-1166dhp2:1.14:::::::*
buffalo	wsr\-2533dhp	1.06	cpe:2.3:h:buffalo:wsr\-2533dhp:1.06:::::::*
buffalo	wsr\-2533dhpl	1.06	cpe:2.3:h:buffalo:wsr\-2533dhpl:1.06:::::::*
buffalo	wsr\-2533dhp2	1.10	cpe:2.3:h:buffalo:wsr\-2533dhp2:1.10:::::::*
buffalo	wsr\-a2533dhp2	1.10	cpe:2.3:h:buffalo:wsr\-a2533dhp2:1.10:::::::*

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "WCR-1166DS",
    "versions": [
      {
        "version": "firmware Ver. 1.32 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-1166DHP",
    "versions": [
      {
        "version": "firmware Ver. 1.14 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-1166DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.14 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHP",
    "versions": [
      {
        "version": "firmware Ver. 1.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHPL",
    "versions": [
      {
        "version": "firmware Ver. 1.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.10 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-A2533DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.10 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN58236836/

www.buffalo.jp/news/detail/20240410-01.html