CVE-2022-43466
 
Descriptions
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allow a network-adjacent attacker with administrative privileges to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
Timeline
- 2022-12-05 CVE Reserved
- 2022-12-19 CVE Published
- 2024-07-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References (2)
URL | Tag | Source |
---|---|---|
https://jvn.jp/en/vu/JVNVU97099584 | | |
https://www.buffalo.jp/news/detail/20240131-01.html | | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Buffalo | Wsr-3200ax4s Firmware | <= 1.26 | - | Affected | in | Buffalo | Wsr-3200ax4s | - | - | Safe |
Buffalo | Wsr-3200ax4b Firmware | 1.25 | - | Affected | in | Buffalo | Wsr-3200ax4b | - | - | Safe |
Buffalo | Wsr-2533dhp2 Firmware | <= 1.22 | - | Affected | in | Buffalo | Wsr-2533dhp2 | - | - | Safe |
Buffalo | Wsr-a2533dhp2 Firmware | <= 1.22 | - | Affected | in | Buffalo | Wsr-a2533dhp2 | - | - | Safe |
Buffalo | Wsr-2533dhp3 Firmware | <= 1.26 | - | Affected | in | Buffalo | Wsr-2533dhp3 | - | - | Safe |
Buffalo | Wsr-a2533dhp3 Firmware | <= 1.26 | - | Affected | in | Buffalo | Wsr-a2533dhp3 | - | - | Safe |
Buffalo | Wsr-2533dhpl2 Firmware | <= 1.03 | - | Affected | in | Buffalo | Wsr-2533dhpl2 | - | - | Safe |
Buffalo | Wsr-2533dhpls Firmware | <= 1.07 | - | Affected | in | Buffalo | Wsr-2533dhpls | - | - | Safe |
Buffalo | Wex-1800ax4 Firmware | <= 1.13 | - | Affected | in | Buffalo | Wex-1800ax4 | - | - | Safe |
Buffalo | Wex-1800ax4ea Firmware | <= 1.13 | - | Affected | in | Buffalo | Wex-1800ax4ea | - | - | Safe |