CVSS: 8.8EPSS: 0%CPEs: 150EXPL: 0CVE-2022-40966
https://notcve.org/view.php?id=CVE-2022-40966
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier. • https://jvn.jp/en/vu/JVNVU92805279/index.html https://www.buffalo.jp/news/detail/20221003-01.html • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 108EXPL: 0CVE-2022-39044
https://notcve.org/view.php?id=CVE-2022-39044
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier. Una vulnerabilidad de funcionalidad oculta en múltiples dispositivos de red de Buffalo permite que un atacante adyacente a la red con privilegios administrativos ejecute un comando arbitrario del sistema operativo. Los productos/versiones afectados son los siguientes: WCR-300 firmware Ver. 1.87 y anteriores, versión del firmware WHR-HP-G300N. 2.00 y anteriores, versión del firmware WHR-HP-GN. 1.87 y anteriores, versión del firmware WPL-05G300. 1.88 y anteriores, versión del firmware WZR-300HP. 2.00 y anteriores, versión del firmware WZR-450HP. 2.00 y anteriores, versión del firmware WZR-600DHP. 2.00 y anteriores, versión del firmware WZR-900DHP. 1.15 y anteriores, versión del firmware WZR-HP-AG300H. 1.76 y anteriores, versión del firmware WZR-HP-G302H. 1.86 y anteriores, versión del firmware WLAE-AG300N. 1.86 y anteriores, versión del firmware FS-600DHP. 3.40 y anteriores, versión del firmware FS-G300N. 3.14 y anteriores, versión del firmware FS-HP-G300N. 3.33 y anteriores, versión del firmware FS-R600DHP. 3.40 y anteriores, versión del firmware BHR-4GRV. 2.00 y anteriores, versión del firmware DWR-HP-G300NH. 1.84 y anteriores, versión del firmware DWR-PG. 1.83 y anteriores, versión del firmware HW-450HP-ZWE. 2.00 y anteriores, versión del firmware WER-A54G54. 1.43 y anteriores, versión del firmware WER-AG54. 1.43 y anteriores, versión del firmware WER-AM54G54. 1.43 y anteriores, versión del firmware WER-AMG54. 1.43 y anteriores, versión del firmware WHR-300. 2.00 y anteriores, versión del firmware WHR-300HP. 2.00 y anteriores, versión del firmware WHR-AM54G54. 1.43 y anteriores, versión del firmware WHR-AMG54. 1.43 y anteriores, versión del firmware WHR-AMPG. 1.52 y anteriores, versión del firmware WHR-G. 1.49 y anteriores, versión del firmware WHR-G300N. 1.65 y anteriores, versión del firmware WHR-G301N. 1.87 y anteriores, versión del firmware WHR-G54S. 1.43 y anteriores, versión del firmware WHR-G54S-NI. 1.24 y anteriores, versión del firmware WHR-HP-AMPG. 1.43 y anteriores, versión del firmware WHR-HP-G. 1.49 y anteriores, versión del firmware WHR-HP-G54. 1.43 y anteriores, versión del firmware WLI-H4-D600. 1.88 y anteriores, versión del firmware WLI-TX4-AG300N. 1.53 y anteriores, versión del firmware WS024BF. 1.60 y anteriores, versión del firmware WS024BF-NW. 1.60 y anteriores, versión del firmware WZR2-G108. 1.33 y anteriores, versión del firmware WZR2-G300N. 1.55 y anteriores, versión del firmware WZR-450HP-CWT. 2.00 y anteriores, versión del firmware WZR-450HP-UB. 2.00 y anteriores, versión del firmware WZR-600DHP2. 1.15 y anteriores, versión del firmware WZR-AGL300NH. 1.55 y anteriores, versión del firmware WZR-AMPG144NH. 1.49 y anteriores, versión del firmware WZR-AMPG300NH. 1.51 y anteriores, versión del firmware WZR-D1100H. 2.00 y anteriores, versión del firmware WZR-G144N. 1.48 y anteriores, versión del firmware WZR-G144NH. 1.48 y anteriores, versión del firmware WZR-HP-G300NH. 1.84 y anteriores, versión del firmware WZR-HP-G301NH. 1.84 y anteriores, y la versión del firmware WZR-HP-G450H. 1,90 y anteriores. • https://jvn.jp/en/vu/JVNVU92805279/index.html https://www.buffalo.jp/news/detail/20221003-01.html •
CVSS: 5.8EPSS: 0%CPEs: 118EXPL: 0CVE-2011-1324
https://notcve.org/view.php?id=CVE-2011-1324
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en las Pantallas de gestión de las series WHR, WZR2, WZR, WER, y BBR de routers Buffalo con firmware v1.x; routers BHR-4RV y FS-G54 con firmware 2.x; y routers AS-100, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que modifican la configuración como se demuestra con el cambio de la contraseña login. • http://buffalo.jp/support_s/20080808/csrf.html http://jvn.jp/en/jp/JVN50505257/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •