5 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 150EXPL: 0

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier. • https://jvn.jp/en/vu/JVNVU92805279/index.html https://www.buffalo.jp/news/detail/20221003-01.html • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Buffalo WZR-1750DHP2, en su versión 2.30 y anteriores, permite que un atacante ejecute comandos arbitrarios del sistema operativo mediante vectores sin especificar. • http://buffalo.jp/support_s/s20180328.html http://jvn.jp/en/jp/JVN93397125/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. Buffalo WZR-1750DHP2, en su versión 2.30 y anteriores, permite que un atacante omita la autenticación y ejecute comandos arbitrarios en el dispositivo mediante vectores sin especificar. • http://buffalo.jp/support_s/s20180328.html http://jvn.jp/en/jp/JVN93397125/index.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. Desbordamiento de búfer en Buffalo WZR-1750DHP2, en su versión 2.30 y anteriores, permite que un atacante ejecute código arbitrario mediante un archivo especialmente manipulado. • http://buffalo.jp/support_s/s20180328.html http://jvn.jp/en/jp/JVN93397125/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 70EXPL: 0

BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. Dispositivos BUFFALO WZR-600DHP3 con firmware 2.16 y versiones anteriores y dispositivos WZR-S600DHP permiten a atacantes remotos descubrir credenciales y otra información sensible a través de vectores no especificados. • http://buffalo.jp/support_s/s20160527a.html http://jvn.jp/en/jp/JVN75813272/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •