CVE-2024-26023

2024-04-1510:51:04

jpcert

www.cve.org

cve-2024-26023

command injection

buffalo

wireless lan

routers

os commands

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "WCR-1166DS",
    "versions": [
      {
        "version": "firmware Ver. 1.32 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-1166DHP",
    "versions": [
      {
        "version": "firmware Ver. 1.14 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-1166DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.14 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHP",
    "versions": [
      {
        "version": "firmware Ver. 1.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHPL",
    "versions": [
      {
        "version": "firmware Ver. 1.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-2533DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.10 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "BUFFALO INC.",
    "product": "WSR-A2533DHP2",
    "versions": [
      {
        "version": "firmware Ver. 1.10 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN58236836/

www.buffalo.jp/news/detail/20240410-01.html