Command injection

2022-12-1903:15:00

PRIOn knowledge base

www.prio-n.com

command injection

network devices

vulnerability

management page

nvd

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.7%

JSON

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.

CPENameOperatorVersion
wcr-1166ds_firmwarele1.34
wsr-2533dhp2_firmwarele1.22
wsr-2533dhp3_firmwarele1.26
wsr-2533dhp_firmwarele1.08
wsr-2533dhpl2_firmwarele1.03
wsr-2533dhpl_firmwarele1.08
wsr-2533dhpls_firmwarele1.07
wsr-3200ax4b_firmwareeq1.25
wsr-3200ax4s_firmwarele1.26
wsr-a2533dhp2_firmwarele1.22

Name	Operator	Version
wcr-1166ds_firmware	le	1.34
wsr-2533dhp2_firmware	le	1.22
wsr-2533dhp3_firmware	le	1.26
wsr-2533dhp_firmware	le	1.08
wsr-2533dhpl2_firmware	le	1.03
wsr-2533dhpl_firmware	le	1.08
wsr-2533dhpls_firmware	le	1.07
wsr-3200ax4b_firmware	eq	1.25
wsr-3200ax4s_firmware	le	1.26
wsr-a2533dhp2_firmware	le	1.22