Lucene search

[email protected]NVD:CVE-2022-43466

HistoryDec 19, 2022 - 3:15 a.m.

CVE-2022-43466

2022-12-1903:15:10

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-43466

network devices

os command injection

buffalo

administrative privilege

arbitrary command

cgi program

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.4%

JSON

OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.

Affected configurations

Nvd

Node

buffalowsr-3200ax4s_firmwareRange≤1.26

AND

buffalowsr-3200ax4sMatch-

Node

buffalowsr-3200ax4b_firmwareMatch1.25

AND

buffalowsr-3200ax4bMatch-

Node

buffalowsr-2533dhp2_firmwareRange≤1.22

AND

buffalowsr-2533dhp2Match-

Node

buffalowsr-a2533dhp2_firmwareRange≤1.22

AND

buffalowsr-a2533dhp2Match-

Node

buffalowsr-2533dhp3_firmwareRange≤1.26

AND

buffalowsr-2533dhp3Match-

Node

buffalowsr-a2533dhp3_firmwareRange≤1.26

AND

buffalowsr-a2533dhp3Match-

Node

buffalowsr-2533dhpl2_firmwareRange≤1.03

AND

buffalowsr-2533dhpl2Match-

Node

buffalowsr-2533dhpls_firmwareRange≤1.07

AND

buffalowsr-2533dhplsMatch-

Node

buffalowex-1800ax4_firmwareRange≤1.13

AND

buffalowex-1800ax4Match-

Node

buffalowex-1800ax4ea_firmwareRange≤1.13

AND

buffalowex-1800ax4eaMatch-

VendorProductVersionCPE
buffalowsr-3200ax4s_firmware*cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*
buffalowsr-3200ax4s-cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*
buffalowsr-3200ax4b_firmware1.25cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*
buffalowsr-3200ax4b-cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*
buffalowsr-2533dhp2_firmware*cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*
buffalowsr-2533dhp2-cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*
buffalowsr-a2533dhp2_firmware*cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*
buffalowsr-a2533dhp2-cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*
buffalowsr-2533dhp3_firmware*cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*
buffalowsr-2533dhp3-cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
buffalo	wsr-3200ax4s_firmware	*	cpe:2.3:o:buffalo:wsr-3200ax4s_firmware::::::::
buffalo	wsr-3200ax4s	-	cpe:2.3:h:buffalo:wsr-3200ax4s:-:::::::*
buffalo	wsr-3200ax4b_firmware	1.25	cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:::::::*
buffalo	wsr-3200ax4b	-	cpe:2.3:h:buffalo:wsr-3200ax4b:-:::::::*
buffalo	wsr-2533dhp2_firmware	*	cpe:2.3:o:buffalo:wsr-2533dhp2_firmware::::::::
buffalo	wsr-2533dhp2	-	cpe:2.3:h:buffalo:wsr-2533dhp2:-:::::::*
buffalo	wsr-a2533dhp2_firmware	*	cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware::::::::
buffalo	wsr-a2533dhp2	-	cpe:2.3:h:buffalo:wsr-a2533dhp2:-:::::::*
buffalo	wsr-2533dhp3_firmware	*	cpe:2.3:o:buffalo:wsr-2533dhp3_firmware::::::::
buffalo	wsr-2533dhp3	-	cpe:2.3:h:buffalo:wsr-2533dhp3:-:::::::*

Rows per page:

1-10 of 201

References

jvn.jp/en/vu/JVNVU97099584/

www.buffalo.jp/news/detail/20240131-01.html

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.4%

JSON

Related for NVD:CVE-2022-43466

cve1 prion1 cvelist1