7.7

CVE-2014-9284

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BuffalotechWsr-600dhp Firmware Version <= 1.60
   BuffalotechWsr-600dhp Version-
BuffalotechWhr-300hp2 Firmware Version <= 1.60
   BuffalotechWhr-300hp2 Version-
BuffalotechWhr-1166dhp Firmware Version <= 1.60
   BuffalotechWhr-1166dhp Version-
BuffalotechBhr-4grv2 Firmware Version <= 1.04
   BuffalotechBhr-4grv2 Version-
BuffalotechWmr-300 Firmware Version <= 1.60
   BuffalotechWmr-300 Version-
BuffalotechWex-300 Firmware Version <= 1.60
   BuffalotechWex-300 Version-
BuffalotechWhr-600d Firmware Version <= 1.60
   BuffalotechWhr-600d Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.72% 0.7
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.7 5.1 10
AV:A/AC:L/Au:S/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.