// For flags

CVE-2014-9284

 

Severity Score

7.7
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

Los routers Buffalo WHR-1166DHP 1.60 y anteriores, WSR-600DHP 1.60 y anteriores, WHR-600D 1.60 y anteriores, WHR-300HP2 1.60 y anteriores, WMR-300 1.60 y anteriores, WEX-300 1.60 y anteriores, y BHR-4GRV2 1.04 y anteriores permiten a usuarios remotos autenticados ejecutar comandos OS arbitrarios a través de vectores no especificados.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-12-05 CVE Reserved
  • 2015-06-09 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
http://jvn.jp/en/jp/JVN50447904/index.html 2015-06-16
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000085 2015-06-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Buffalotech
Search vendor "Buffalotech"
 Wsr-600dhp Firmware
Search vendor "Buffalotech" for product "Wsr-600dhp Firmware"
 <= 1.60
Search vendor "Buffalotech" for product "Wsr-600dhp Firmware" and version " <= 1.60"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Wsr-600dhp
Search vendor "Buffalotech" for product "Wsr-600dhp"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Whr-300hp2 Firmware
Search vendor "Buffalotech" for product "Whr-300hp2 Firmware"
 <= 1.60
Search vendor "Buffalotech" for product "Whr-300hp2 Firmware" and version " <= 1.60"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Whr-300hp2
Search vendor "Buffalotech" for product "Whr-300hp2"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Whr-1166dhp Firmware
Search vendor "Buffalotech" for product "Whr-1166dhp Firmware"
 <= 1.60
Search vendor "Buffalotech" for product "Whr-1166dhp Firmware" and version " <= 1.60"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Whr-1166dhp
Search vendor "Buffalotech" for product "Whr-1166dhp"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Bhr-4grv2 Firmware
Search vendor "Buffalotech" for product "Bhr-4grv2 Firmware"
 <= 1.04
Search vendor "Buffalotech" for product "Bhr-4grv2 Firmware" and version " <= 1.04"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Bhr-4grv2
Search vendor "Buffalotech" for product "Bhr-4grv2"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Wmr-300 Firmware
Search vendor "Buffalotech" for product "Wmr-300 Firmware"
 <= 1.60
Search vendor "Buffalotech" for product "Wmr-300 Firmware" and version " <= 1.60"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Wmr-300
Search vendor "Buffalotech" for product "Wmr-300"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Wex-300 Firmware
Search vendor "Buffalotech" for product "Wex-300 Firmware"
 <= 1.60
Search vendor "Buffalotech" for product "Wex-300 Firmware" and version " <= 1.60"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Wex-300
Search vendor "Buffalotech" for product "Wex-300"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Whr-600d Firmware
Search vendor "Buffalotech" for product "Whr-600d Firmware"
 <= 1.60
Search vendor "Buffalotech" for product "Whr-600d Firmware" and version " <= 1.60"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Whr-600d
Search vendor "Buffalotech" for product "Whr-600d"
--
Safe