CVE-2022-40966
https://notcve.org/view.php?id=CVE-2022-40966
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier. • https://jvn.jp/en/vu/JVNVU92805279/index.html https://www.buffalo.jp/news/detail/20221003-01.html • CWE-287: Improper Authentication •
CVE-2022-39044
https://notcve.org/view.php?id=CVE-2022-39044
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier. Una vulnerabilidad de funcionalidad oculta en múltiples dispositivos de red de Buffalo permite que un atacante adyacente a la red con privilegios administrativos ejecute un comando arbitrario del sistema operativo. Los productos/versiones afectados son los siguientes: WCR-300 firmware Ver. 1.87 y anteriores, versión del firmware WHR-HP-G300N. 2.00 y anteriores, versión del firmware WHR-HP-GN. 1.87 y anteriores, versión del firmware WPL-05G300. 1.88 y anteriores, versión del firmware WZR-300HP. 2.00 y anteriores, versión del firmware WZR-450HP. 2.00 y anteriores, versión del firmware WZR-600DHP. 2.00 y anteriores, versión del firmware WZR-900DHP. 1.15 y anteriores, versión del firmware WZR-HP-AG300H. 1.76 y anteriores, versión del firmware WZR-HP-G302H. 1.86 y anteriores, versión del firmware WLAE-AG300N. 1.86 y anteriores, versión del firmware FS-600DHP. 3.40 y anteriores, versión del firmware FS-G300N. 3.14 y anteriores, versión del firmware FS-HP-G300N. 3.33 y anteriores, versión del firmware FS-R600DHP. 3.40 y anteriores, versión del firmware BHR-4GRV. 2.00 y anteriores, versión del firmware DWR-HP-G300NH. 1.84 y anteriores, versión del firmware DWR-PG. 1.83 y anteriores, versión del firmware HW-450HP-ZWE. 2.00 y anteriores, versión del firmware WER-A54G54. 1.43 y anteriores, versión del firmware WER-AG54. 1.43 y anteriores, versión del firmware WER-AM54G54. 1.43 y anteriores, versión del firmware WER-AMG54. 1.43 y anteriores, versión del firmware WHR-300. 2.00 y anteriores, versión del firmware WHR-300HP. 2.00 y anteriores, versión del firmware WHR-AM54G54. 1.43 y anteriores, versión del firmware WHR-AMG54. 1.43 y anteriores, versión del firmware WHR-AMPG. 1.52 y anteriores, versión del firmware WHR-G. 1.49 y anteriores, versión del firmware WHR-G300N. 1.65 y anteriores, versión del firmware WHR-G301N. 1.87 y anteriores, versión del firmware WHR-G54S. 1.43 y anteriores, versión del firmware WHR-G54S-NI. 1.24 y anteriores, versión del firmware WHR-HP-AMPG. 1.43 y anteriores, versión del firmware WHR-HP-G. 1.49 y anteriores, versión del firmware WHR-HP-G54. 1.43 y anteriores, versión del firmware WLI-H4-D600. 1.88 y anteriores, versión del firmware WLI-TX4-AG300N. 1.53 y anteriores, versión del firmware WS024BF. 1.60 y anteriores, versión del firmware WS024BF-NW. 1.60 y anteriores, versión del firmware WZR2-G108. 1.33 y anteriores, versión del firmware WZR2-G300N. 1.55 y anteriores, versión del firmware WZR-450HP-CWT. 2.00 y anteriores, versión del firmware WZR-450HP-UB. 2.00 y anteriores, versión del firmware WZR-600DHP2. 1.15 y anteriores, versión del firmware WZR-AGL300NH. 1.55 y anteriores, versión del firmware WZR-AMPG144NH. 1.49 y anteriores, versión del firmware WZR-AMPG300NH. 1.51 y anteriores, versión del firmware WZR-D1100H. 2.00 y anteriores, versión del firmware WZR-G144N. 1.48 y anteriores, versión del firmware WZR-G144NH. 1.48 y anteriores, versión del firmware WZR-HP-G300NH. 1.84 y anteriores, versión del firmware WZR-HP-G301NH. 1.84 y anteriores, y la versión del firmware WZR-HP-G450H. 1,90 y anteriores. • https://jvn.jp/en/vu/JVNVU92805279/index.html https://www.buffalo.jp/news/detail/20221003-01.html •
CVE-2020-5606
https://notcve.org/view.php?id=CVE-2020-5606
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. Una vulnerabilidad de tipo Cross-site scripting en WHR-G54S versión de firmware 1.43 y anteriores, permite a atacantes remotos inyectar script arbitrario por medio de una página especialmente diseñada • https://jvn.jp/en/jp/JVN09166495/index.html https://www.buffalo.jp/news/detail/20200911-01.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5605
https://notcve.org/view.php?id=CVE-2020-5605
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. Una vulnerabilidad de Salto de Directorio en WHR-G54S versión de firmware 1.43 y anteriores, permite a un atacante acceder a información confidencial, tal y como valores de configuración por medio de vectores no especificados • https://jvn.jp/en/jp/JVN09166495/index.html https://www.buffalo.jp/news/detail/20200911-01.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •