Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below.
Plaintext storage of a password (CWE-256) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-23486OS Command Injection (CWE-78) CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-26023
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
CVE-2024-23486
WSR-2533DHP firmware Ver. 1.06 and earlier
WSR-2533DHPL firmware Ver. 1.06 and earlier
WSR-2533DHP2 firmware Ver. 1.10 and earlier
WSR-A2533DHP2 firmware Ver. 1.10 and earlier
CVE-2024-26023
WCR-1166DS firmware Ver. 1.32 and earlier
WSR-1166DHP firmware Ver. 1.14 and earlier
WSR-1166DHP2 firmware Ver. 1.14 and earlier
WSR-2533DHP firmware Ver. 1.06 and earlier
WSR-2533DHPL firmware Ver. 1.06 and earlier
WSR-2533DHP2 firmware Ver. 1.10 and earlier
WSR-A2533DHP2 firmware Ver. 1.10 and earlier