CVE-2024-23486

2024-04-1510:50:01

jpcert

www.cve.org

cve-2024-23486

plaintext storage

password issue

buffalo

wireless lan routers

unauthenticated attacker

configured credentials

network-adjacent

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product’s login page may obtain configured credentials.

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHP",
    "versions": [
      {
        "version": "firmware Ver. 1.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHPL",
    "versions": [
      {
        "version": "firmware Ver. 1.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.10 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-A2533DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.10 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN58236836/

www.buffalo.jp/news/detail/20240410-01.html