CVE-2022-43443

Published: Dec 19, 2022

Modified: Apr 17, 2025

PUBLISHED

Description

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.

Vendor	Product	Versions
BUFFALO INC.	WXR-11000XE12	affected `firmware Ver. 1.10 and earlier`
BUFFALO INC.	WXR-5700AX7S	affected `firmware Ver. 1.27 and earlier`
BUFFALO INC.	WXR-5700AX7B	affected `firmware Ver. 1.27 and earlier`
BUFFALO INC.	WSR-3200AX4S	affected `firmware Ver. 1.26 and earlier`
BUFFALO INC.	WSR-3200AX4B	affected `firmware Ver. 1.25`
BUFFALO INC.	WSR-2533DHP	affected `firmware Ver. 1.08 and earlier`
BUFFALO INC.	WSR-2533DHP2	affected `firmware Ver. 1.22 and earlier`
BUFFALO INC.	WSR-A2533DHP2	affected `firmware Ver. 1.22 and earlier`
BUFFALO INC.	WSR-2533DHP3	affected `firmware Ver. 1.26 and earlier`
BUFFALO INC.	WSR-A2533DHP3	affected `firmware Ver. 1.26 and earlier`
BUFFALO INC.	WSR-2533DHPL	affected `firmware Ver. 1.08 and earlier`
BUFFALO INC.	WSR-2533DHPL2	affected `firmware Ver. 1.03 and earlier`
BUFFALO INC.	WSR-2533DHPLS	affected `firmware Ver. 1.07 and earlier`
BUFFALO INC.	WSR-2533DHPLB	affected `firmware Ver. 1.05`
BUFFALO INC.	WSR-1166DHP	affected `firmware Ver. 1.16 and earlier`
BUFFALO INC.	WSR-1166DHP2	affected `firmware Ver. 1.17 and earlier`
BUFFALO INC.	WCR-1166DS	affected `firmware Ver. 1.34 and earlier`

References

https://www.buffalo.jp/news/detail/20240131-01.html

https://jvn.jp/en/vu/JVNVU97099584/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-43443

Description

Affected Products

References