CVE-2022-39044

EPSS 0.14%
Veröffentlicht 07.12.2022 10:15:11
Zuletzt bearbeitet 23.04.2025 16:15:22
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Buffalo ≫ Wcr-300 Firmware Version <= 1.87

Buffalo ≫ Wcr-300 Version-

Buffalo ≫ Whr-hp-g300n Firmware Version <= 2.00

Buffalo ≫ Whr-hp-g300n Version-

Buffalo ≫ Whr-hp-gn Firmware Version <= 1.87

Buffalo ≫ Whr-hp-gn Version-

Buffalo ≫ Wpl-05g300 Firmware Version <= 1.88

Buffalo ≫ Wpl-05g300 Version-

Buffalo ≫ Wzr-300hp Firmware Version <= 2.00

Buffalo ≫ Wzr-300hp Version-

Buffalo ≫ Wzr-450hp Firmware Version <= 2.00

Buffalo ≫ Wzr-450hp Version-

Buffalo ≫ Wzr-600dhp Firmware Version <= 2.00

Buffalo ≫ Wzr-600dhp Version-

Buffalo ≫ Wzr-900dhp Firmware Version <= 1.15

Buffalo ≫ Wzr-900dhp Version-

Buffalo ≫ Wzr-hp-ag300h Firmware Version <= 1.76

Buffalo ≫ Wzr-hp-ag300h Version-

Buffalo ≫ Wzr-hp-g302h Firmware Version <= 1.86

Buffalo ≫ Wzr-hp-g302h Version-

Buffalo ≫ Wlae-ag300n Firmware Version <= 1.86

Buffalo ≫ Wlae-ag300n Version-

Buffalo ≫ Fs-600dhp Firmware Version <= 3.40

Buffalo ≫ Fs-600dhp Version-

Buffalo ≫ Fs-g300n Firmware Version <= 3.14

Buffalo ≫ Fs-g300n Version-

Buffalo ≫ Fs-hp-g300n Firmware Version <= 3.33

Buffalo ≫ Fs-hp-g300n Version-

Buffalo ≫ Fs-r600dhp Firmware Version <= 3.40

Buffalo ≫ Fs-r600dhp Version-

Buffalo ≫ Bhr-4grv Firmware Version <= 2.00

Buffalo ≫ Bhr-4grv Version-

Buffalo ≫ Dwr-hp-g300nh Firmware Version <= 1.84

Buffalo ≫ Dwr-hp-g300nh Version-

Buffalo ≫ Dwr-pg Firmware Version <= 1.83

Buffalo ≫ Dwr-pg Version-

Buffalo ≫ Hw-450hp-zwe Firmware Version <= 2.00

Buffalo ≫ Hw-450hp-zwe Version-

Buffalo ≫ Wer-a54g54 Firmware Version <= 1.43

Buffalo ≫ Wer-a54g54 Version-

Buffalo ≫ Wer-ag54 Firmware Version <= 1.43

Buffalo ≫ Wer-ag54 Version-

Buffalo ≫ Wer-am54g54 Firmware Version <= 1.43

Buffalo ≫ Wer-am54g54 Version-

Buffalo ≫ Wer-amg54 Firmware Version <= 1.43

Buffalo ≫ Wer-amg54 Version-

Buffalo ≫ Whr-300 Firmware Version <= 2.00

Buffalo ≫ Whr-300 Version-

Buffalo ≫ Whr-300hp Firmware Version <= 2.00

Buffalo ≫ Whr-300hp Version-

Buffalo ≫ Whr-am54g54 Firmware Version <= 1.43

Buffalo ≫ Whr-am54g54 Version-

Buffalo ≫ Whr-amg54 Firmware Version <= 1.43

Buffalo ≫ Whr-amg54 Version-

Buffalo ≫ Whr-ampg Firmware Version <= 1.52

Buffalo ≫ Whr-ampg Version-

Buffalo ≫ Whr-g Firmware Version <= 1.49

Buffalo ≫ Whr-g Version-

Buffalo ≫ Whr-g300n Firmware Version <= 1.65

Buffalo ≫ Whr-g300n Version-

Buffalo ≫ Whr-g301n Firmware Version <= 1.87

Buffalo ≫ Whr-g301n Version-

Buffalo ≫ Whr-g54s Firmware Version <= 1.43

Buffalo ≫ Whr-g54s Version-

Buffalo ≫ Whr-g54s-ni Firmware Version <= 1.24

Buffalo ≫ Whr-g54s-ni Version-

Buffalo ≫ Whr-hp-ampg Firmware Version <= 1.49

Buffalo ≫ Whr-hp-ampg Version-

Buffalo ≫ Whr-hp-g Firmware Version <= 1.49

Buffalo ≫ Whr-hp-g Version-

Buffalo ≫ Whr-hp-g54 Firmware Version <= 1.43

Buffalo ≫ Whr-hp-g54 Version-

Buffalo ≫ Wli-h4-d600 Firmware Version <= 1.88

Buffalo ≫ Wli-h4-d600 Version-

Buffalo ≫ Wli-tx4-ag300n Firmware Version <= 1.53

Buffalo ≫ Wli-tx4-ag300n Version-

Buffalo ≫ Ws024bf Firmware Version <= 1.60

Buffalo ≫ Ws024bf Version-

Buffalo ≫ Ws024bf-nw Firmware Version <= 1.60

Buffalo ≫ Ws024bf-nw Version-

Buffalo ≫ Wzr2-g108 Firmware Version <= 1.33

Buffalo ≫ Wzr2-g108 Version-

Buffalo ≫ Wzr2-g300n Firmware Version <= 1.55

Buffalo ≫ Wzr2-g300n Version-

Buffalo ≫ Wzr-450hp-cwt Firmware Version <= 2.00

Buffalo ≫ Wzr-450hp-cwt Version-

Buffalo ≫ Wzr-450hp-ub Firmware Version <= 2.00

Buffalo ≫ Wzr-450hp-ub Version-

Buffalo ≫ Wzr-600dhp2 Firmware Version <= 1.15

Buffalo ≫ Wzr-600dhp2 Version-

Buffalo ≫ Wzr-agl300nh Firmware Version <= 1.55

Buffalo ≫ Wzr-agl300nh Version-

Buffalo ≫ Wzr-ampg144nh Firmware Version <= 1.49

Buffalo ≫ Wzr-ampg144nh Version-

Buffalo ≫ Wzr-ampg300nh Firmware Version <= 1.51

Buffalo ≫ Wzr-ampg300nh Version-

Buffalo ≫ Wzr-d1100h Firmware Version <= 2.00

Buffalo ≫ Wzr-d1100h Version-

Buffalo ≫ Wzr-g144n Firmware Version <= 1.48

Buffalo ≫ Wzr-g144n Version-

Buffalo ≫ Wzr-g144nh Firmware Version <= 1.48

Buffalo ≫ Wzr-g144nh Version-

Buffalo ≫ Wzr-hp-g300nh Firmware Version <= 1.84

Buffalo ≫ Wzr-hp-g300nh Version-

Buffalo ≫ Wzr-hp-g301nh Firmware Version <= 1.84

Buffalo ≫ Wzr-hp-g301nh Version-

Buffalo ≫ Wzr-hp-g450h Firmware Version <= 1.90

Buffalo ≫ Wzr-hp-g450h Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.8	0.9	5.9	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://jvn.jp/en/vu/JVNVU92805279/index.html

Third Party Advisory

https://www.buffalo.jp/news/detail/20221003-01.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-39044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-39044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-39044

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-39044