CVE-2022-40966

EPSS 0.17%
Veröffentlicht 07.12.2022 10:15:11
Zuletzt bearbeitet 23.04.2025 16:15:25
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Buffalo ≫ Wcr-300 Firmware Version <= 1.87

Buffalo ≫ Wcr-300 Version-

Buffalo ≫ Whr-hp-g300n Firmware Version <= 2.00

Buffalo ≫ Whr-hp-g300n Version-

Buffalo ≫ Whr-hp-gn Firmware Version <= 1.87

Buffalo ≫ Whr-hp-gn Version-

Buffalo ≫ Wpl-05g300 Firmware Version <= 1.88

Buffalo ≫ Wpl-05g300 Version-

Buffalo ≫ Wrm-d2133hp Firmware Version <= 2.85

Buffalo ≫ Wrm-d2133hp Version-

Buffalo ≫ Wrm-d2133hs Firmware Version <= 2.96

Buffalo ≫ Wrm-d2133hs Version-

Buffalo ≫ Wtr-m2133hp Firmware Version <= 2.85

Buffalo ≫ Wtr-m2133hp Version-

Buffalo ≫ Wtr-m2133hs Firmware Version <= 2.96

Buffalo ≫ Wtr-m2133hs Version-

Buffalo ≫ Wxr-1900dhp Firmware Version <= 2.50

Buffalo ≫ Wxr-1900dhp Version-

Buffalo ≫ Wxr-1900dhp2 Firmware Version <= 2.59

Buffalo ≫ Wxr-1900dhp2 Version-

Buffalo ≫ Wxr-1900dhp3 Firmware Version <= 2.63

Buffalo ≫ Wxr-1900dhp3 Version-

Buffalo ≫ Wxr-5950ax12 Firmware Version <= 3.40

Buffalo ≫ Wxr-5950ax12 Version-

Buffalo ≫ Wxr-6000ax12b Firmware Version <= 3.40

Buffalo ≫ Wxr-6000ax12b Version-

Buffalo ≫ Wxr-6000ax12s Firmware Version <= 3.40

Buffalo ≫ Wxr-6000ax12s Version-

Buffalo ≫ Wzr-300hp Firmware Version <= 2.00

Buffalo ≫ Wzr-300hp Version-

Buffalo ≫ Wzr-450hp Firmware Version <= 2.00

Buffalo ≫ Wzr-450hp Version-

Buffalo ≫ Wzr-600dhp Firmware Version <= 2.00

Buffalo ≫ Wzr-600dhp Version-

Buffalo ≫ Wzr-900dhp Firmware Version <= 1.15

Buffalo ≫ Wzr-900dhp Version-

Buffalo ≫ Wzr-1750dhp2 Firmware Version <= 2.31

Buffalo ≫ Wzr-1750dhp2 Version-

Buffalo ≫ Wzr-hp-ag300h Firmware Version <= 1.76

Buffalo ≫ Wzr-hp-ag300h Version-

Buffalo ≫ Wzr-hp-g302h Firmware Version <= 1.86

Buffalo ≫ Wzr-hp-g302h Version-

Buffalo ≫ Wem-1266 Firmware Version <= 2.85

Buffalo ≫ Wem-1266 Version-

Buffalo ≫ Wem-1266wp Firmware Version <= 2.85

Buffalo ≫ Wem-1266wp Version-

Buffalo ≫ Wlae-ag300n Firmware Version <= 1.86

Buffalo ≫ Wlae-ag300n Version-

Buffalo ≫ Fs-600dhp Firmware Version <= 3.40

Buffalo ≫ Fs-600dhp Version-

Buffalo ≫ Fs-g300n Firmware Version <= 3.14

Buffalo ≫ Fs-g300n Version-

Buffalo ≫ Fs-hp-g300n Firmware Version <= 3.33

Buffalo ≫ Fs-hp-g300n Version-

Buffalo ≫ Fs-r600dhp Firmware Version <= 3.40

Buffalo ≫ Fs-r600dhp Version-

Buffalo ≫ Bhr-4grv Firmware Version <= 2.00

Buffalo ≫ Bhr-4grv Version-

Buffalo ≫ Dwr-hp-g300nh Firmware Version <= 1.84

Buffalo ≫ Dwr-hp-g300nh Version-

Buffalo ≫ Dwr-pg Firmware Version <= 1.83

Buffalo ≫ Dwr-pg Version-

Buffalo ≫ Hw-450hp-zwe Firmware Version <= 2.00

Buffalo ≫ Hw-450hp-zwe Version-

Buffalo ≫ Wer-a54g54 Firmware Version <= 1.43

Buffalo ≫ Wer-a54g54 Version-

Buffalo ≫ Wer-ag54 Firmware Version <= 1.43

Buffalo ≫ Wer-ag54 Version-

Buffalo ≫ Wer-am54g54 Firmware Version <= 1.43

Buffalo ≫ Wer-am54g54 Version-

Buffalo ≫ Wer-amg54 Firmware Version <= 1.43

Buffalo ≫ Wer-amg54 Version-

Buffalo ≫ Whr-300 Firmware Version <= 2.00

Buffalo ≫ Whr-300 Version-

Buffalo ≫ Whr-300hp Firmware Version <= 2.00

Buffalo ≫ Whr-300hp Version-

Buffalo ≫ Whr-am54g54 Firmware Version <= 1.43

Buffalo ≫ Whr-am54g54 Version-

Buffalo ≫ Whr-amg54 Firmware Version <= 1.43

Buffalo ≫ Whr-amg54 Version-

Buffalo ≫ Whr-ampg Firmware Version <= 1.52

Buffalo ≫ Whr-ampg Version-

Buffalo ≫ Whr-g Firmware Version <= 1.49

Buffalo ≫ Whr-g Version-

Buffalo ≫ Whr-g300n Firmware Version <= 1.65

Buffalo ≫ Whr-g300n Version-

Buffalo ≫ Whr-g301n Firmware Version <= 1.87

Buffalo ≫ Whr-g301n Version-

Buffalo ≫ Whr-g54s Firmware Version <= 1.43

Buffalo ≫ Whr-g54s Version-

Buffalo ≫ Whr-g54s-ni Firmware Version <= 1.24

Buffalo ≫ Whr-g54s-ni Version-

Buffalo ≫ Whr-hp-ampg Firmware Version <= 1.43

Buffalo ≫ Whr-hp-ampg Version-

Buffalo ≫ Whr-hp-g Firmware Version <= 1.49

Buffalo ≫ Whr-hp-g Version-

Buffalo ≫ Whr-hp-g54 Firmware Version <= 1.43

Buffalo ≫ Whr-hp-g54 Version-

Buffalo ≫ Wli-h4-d600 Firmware Version <= 1.88

Buffalo ≫ Wli-h4-d600 Version-

Buffalo ≫ Ws024bf Firmware Version <= 1.60

Buffalo ≫ Ws024bf Version-

Buffalo ≫ Ws024bf-nw Firmware Version <= 1.60

Buffalo ≫ Ws024bf-nw Version-

Buffalo ≫ Wxr-1750dhp Firmware Version <= 2.60

Buffalo ≫ Wxr-1750dhp Version-

Buffalo ≫ Wxr-1750dhp2 Firmware Version <= 2.60

Buffalo ≫ Wxr-1750dhp2 Version-

Buffalo ≫ Wzr-1166dhp Firmware Version <= 2.18

Buffalo ≫ Wzr-1166dhp Version-

Buffalo ≫ Wzr-1166dhp2 Firmware Version <= 2.18

Buffalo ≫ Wzr-1166dhp2 Version-

Buffalo ≫ Wzr-1750dhp Firmware Version <= 2.30

Buffalo ≫ Wzr-1750dhp Version-

Buffalo ≫ Wzr2-g300n Firmware Version <= 1.55

Buffalo ≫ Wzr2-g300n Version-

Buffalo ≫ Wzr-450hp-cwt Firmware Version <= 2.00

Buffalo ≫ Wzr-450hp-cwt Version-

Buffalo ≫ Wzr-450hp-ub Firmware Version <= 2.00

Buffalo ≫ Wzr-450hp-ub Version-

Buffalo ≫ Wzr-600dhp2 Firmware Version <= 1.15

Buffalo ≫ Wzr-600dhp2 Version-

Buffalo ≫ Wzr-600dhp3 Firmware Version <= 2.19

Buffalo ≫ Wzr-600dhp3 Version-

Buffalo ≫ Wzr-900dhp2 Firmware Version <= 2.19

Buffalo ≫ Wzr-900dhp2 Version-

Buffalo ≫ Wzr-agl300nh Firmware Version <= 1.55

Buffalo ≫ Wzr-agl300nh Version-

Buffalo ≫ Wzr-ampg144nh Firmware Version <= 1.49

Buffalo ≫ Wzr-ampg144nh Version-

Buffalo ≫ Wzr-ampg300nh Firmware Version <= 1.51

Buffalo ≫ Wzr-ampg300nh Version-

Buffalo ≫ Wzr-d1100h Firmware Version <= 2.00

Buffalo ≫ Wzr-d1100h Version-

Buffalo ≫ Wzr-g144n Firmware Version <= 1.48

Buffalo ≫ Wzr-g144n Version-

Buffalo ≫ Wzr-g144nh Firmware Version <= 1.48

Buffalo ≫ Wzr-g144nh Version-

Buffalo ≫ Wzr-hp-g300nh Firmware Version <= 1.84

Buffalo ≫ Wzr-hp-g300nh Version-

Buffalo ≫ Wzr-hp-g301nh Firmware Version <= 1.84

Buffalo ≫ Wzr-hp-g301nh Version-

Buffalo ≫ Wzr-hp-g450h Firmware Version <= 1.90

Buffalo ≫ Wzr-hp-g450h Version-

Buffalo ≫ Wzr-s1750dhp Firmware Version <= 2.32

Buffalo ≫ Wzr-s1750dhp Version-

Buffalo ≫ Wzr-s600dhp Firmware Version <= 2.19

Buffalo ≫ Wzr-s600dhp Version-

Buffalo ≫ Wzr-s900dhp Firmware Version <= 2.19

Buffalo ≫ Wzr-s900dhp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.386

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://jvn.jp/en/vu/JVNVU92805279/index.html

Third Party Advisory

https://www.buffalo.jp/news/detail/20221003-01.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-40966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40966

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-40966