Japan Vulnerability NotesJVN:58236836JVN#58236836: Multiple vulnerabilities in BUFFALO wireless LAN routers
Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below.
Plaintext storage of a password (CWE-256) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-23486OS Command Injection (CWE-78) CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-26023
Impact
- A network-adjacent attacker with access to the product’s login page may obtain configured credentials (CVE-2024-23486)
- A logged-in user may execute an arbitrary OS command (CVE-2024-26023)
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Products Affected
CVE-2024-23486
-
WSR-2533DHP firmware Ver. 1.06 and earlier
-
WSR-2533DHPL firmware Ver. 1.06 and earlier
-
WSR-2533DHP2 firmware Ver. 1.10 and earlier
-
WSR-A2533DHP2 firmware Ver. 1.10 and earlier
CVE-2024-26023 -
WCR-1166DS firmware Ver. 1.32 and earlier
-
WSR-1166DHP firmware Ver. 1.14 and earlier
-
WSR-1166DHP2 firmware Ver. 1.14 and earlier
-
WSR-2533DHP firmware Ver. 1.06 and earlier
-
WSR-2533DHPL firmware Ver. 1.06 and earlier
-
WSR-2533DHP2 firmware Ver. 1.10 and earlier
-
WSR-A2533DHP2 firmware Ver. 1.10 and earlier
Related
