CVE-2022-43486

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:26

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU97099584/ - () https://jvn.jp/en/vu/JVNVU97099584/ -
References () https://www.buffalo.jp/news/detail/20240131-01.html - () https://www.buffalo.jp/news/detail/20240131-01.html -

14 Feb 2024, 07:15

Type Values Removed Values Added
Summary Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected device. Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
References
  • {'url': 'https://jvn.jp/en/vu/JVNVU97099584/index.html', 'name': 'https://jvn.jp/en/vu/JVNVU97099584/index.html', 'tags': ['Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}
  • {'url': 'https://www.buffalo.jp/news/detail/20221205-01.html', 'name': 'https://www.buffalo.jp/news/detail/20221205-01.html', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • () https://www.buffalo.jp/news/detail/20240131-01.html -
  • () https://jvn.jp/en/vu/JVNVU97099584/ -

Information

Published : 2022-12-19 03:15

Updated : 2024-11-21 07:26


NVD link : CVE-2022-43486

Mitre link : CVE-2022-43486

CVE.ORG link : CVE-2022-43486


JSON object : View

Products Affected

buffalo

  • wex-1800ax4ea
  • wsr-a2533dhp3
  • wsr-2533dhp2_firmware
  • wsr-a2533dhp2
  • wsr-2533dhp_firmware
  • wsr-2533dhpl2_firmware
  • wsr-2533dhpl_firmware
  • wsr-a2533dhp3_firmware
  • wsr-2533dhp
  • wsr-2533dhpl
  • wcr-1166ds_firmware
  • wsr-2533dhpl2
  • wsr-3200ax4s_firmware
  • wex-1800ax4ea_firmware
  • wex-1800ax4_firmware
  • wsr-2533dhpls_firmware
  • wsr-3200ax4b
  • wsr-2533dhp3
  • wsr-a2533dhp2_firmware
  • wex-1800ax4
  • wsr-2533dhp2
  • wsr-2533dhp3_firmware
  • wsr-2533dhpls
  • wsr-3200ax4s
  • wcr-1166ds
  • wsr-3200ax4b_firmware