History: Sep 10, 2024 - 7:15 a.m.

CVE-2024-44072

2024-09-10 07:15:01
CWE-78
jpcert
web.nvd.nist.gov
cve-2024-44072
os command injection
buffalo
wireless lan
routers
repeaters
management page
crafted request
arbitrary command

CVSS3: 5.7

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

AI Score: 7.5
Confidence: High

EPSS: 0
Percentile: 10.2%

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product’s specific management page, an arbitrary OS command may be executed.

Affected configurations

Vulners
Node
buffalo wsr-1166dhp2 Match 2.95
OR
buffalo wsr-1166dhp3_firmware Match 2.95
OR
buffalo wsr-1166dhp4 Match 2.95
OR
buffalo wsr-1166dhp3_firmware Match 1.18
OR
buffalo wsr-2533dhp2 Match 2.93
OR
buffalo wex-1800ax4ea Match 1.02
OR
buffalo wex-1800ax4ea Match 1.03
OR
buffalo wsr-1166dhp2 Match 1.05
OR
buffalo wex-1800ax4ea Match 1.05
OR
buffalo wex-1800ax4ea Match 1.02
OR
buffalo wex-1800ax4ea Match 1.02
OR
buffalo wex-1800ax4ea Match 1.03
OR
buffalo wex-1800ax4ea Match 1.23
OR
buffalo wex-1800ax4ea Match 1.64
OR
buffalo wzr-1166dhp Match 2.92
OR
buffalo whr-amg54_firmware Match 2.51
OR
buffalo whr-amg54_firmware Match 2.91
OR
buffalo wmr-433 Match 2.50

Vendor | Product | Version | CPE
buffalo | wsr-1166dhp2 | 2.95 | cpe:2.3:a:buffalo:wsr-1166dhp2:2.95:*:*:*:*:*:*:*
buffalo | wsr-1166dhp3_firmware | 2.95 | cpe:2.3:o:buffalo:wsr-1166dhp3_firmware:2.95:*:*:*:*:*:*:*
buffalo | wsr-1166dhp4 | 2.95 | cpe:2.3:h:buffalo:wsr-1166dhp4:2.95:*:*:*:*:*:*:*
buffalo | wsr-1166dhp3_firmware | 1.18 | cpe:2.3:o:buffalo:wsr-1166dhp3_firmware:1.18:*:*:*:*:*:*:*
buffalo | wsr-2533dhp2 | 2.93 | cpe:2.3:h:buffalo:wsr-2533dhp2:2.93:*:*:*:*:*:*:*
buffalo | wex-1800ax4ea | 1.02 | cpe:2.3:h:buffalo:wex-1800ax4ea:1.02:*:*:*:*:*:*:*
buffalo | wex-1800ax4ea | 1.03 | cpe:2.3:h:buffalo:wex-1800ax4ea:1.03:*:*:*:*:*:*:*
buffalo | wsr-1166dhp2 | 1.05 | cpe:2.3:a:buffalo:wsr-1166dhp2:1.05:*:*:*:*:*:*:*
buffalo | wex-1800ax4ea | 1.05 | cpe:2.3:h:buffalo:wex-1800ax4ea:1.05:*:*:*:*:*:*:*
buffalo | wex-1800ax4ea | 1.23 | cpe:2.3:h:buffalo:wex-1800ax4ea:1.23:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "WHR-1166DHP2",
    "versions": [
      {
        "version": "Ver. 2.95 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WHR-1166DHP3",
    "versions": [
      {
        "version": "Ver. 2.95 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WHR-1166DHP4",
    "versions": [
      {
        "version": "Ver. 2.95 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-1166DHP3",
    "versions": [
      {
        "version": "Ver. 1.18 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-600DHP",
    "versions": [
      {
        "version": "Ver. 2.93 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-300HPTX/N",
    "versions": [
      {
        "version": "Ver. 1.02 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-733DHP2",
    "versions": [
      {
        "version": "Ver. 1.03 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-1166DHP2",
    "versions": [
      {
        "version": "Ver. 1.05 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-1166DHPS",
    "versions": [
      {
        "version": "Ver. 1.05 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-300HPS/N",
    "versions": [
      {
        "version": "Ver. 1.02 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-733DHPS",
    "versions": [
      {
        "version": "Ver. 1.02 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-733DHPTX",
    "versions": [
      {
        "version": "Ver. 1.03 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-1166DHP",
    "versions": [
      {
        "version": "Ver. 1.23 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WEX-733DHP",
    "versions": [
      {
        "version": "Ver. 1.64 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WHR-1166DHP",
    "versions": [
      {
        "version": "Ver. 2.92 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WHR-300HP2",
    "versions": [
      {
        "version": "Ver. 2.51 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WHR-600D",
    "versions": [
      {
        "version": "Ver. 2.91 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WMR-300",
    "versions": [
      {
        "version": "Ver. 2.50 and earlier",
        "status": "affected"
      }
    ]
  }
]
