CVE-2022-43466

Published: Dec 19, 2022

Modified: Apr 17, 2025

PUBLISHED

Description

OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.

Vendor	Product	Versions
BUFFALO INC.	WXR-5700AX7S	affected `firmware Ver. 1.27 and earlier`
BUFFALO INC.	WXR-5700AX7B	affected `firmware Ver. 1.27 and earlier`
BUFFALO INC.	WSR-3200AX4S	affected `firmware Ver. 1.26 and earlier`
BUFFALO INC.	WSR-3200AX4B	affected `firmware Ver. 1.25`
BUFFALO INC.	WSR-2533DHP2	affected `firmware Ver. 1.22 and earlier`
BUFFALO INC.	WSR-A2533DHP2	affected `firmware Ver. 1.22 and earlier`
BUFFALO INC.	WSR-2533DHP3	affected `firmware Ver. 1.26 and earlier`
BUFFALO INC.	WSR-A2533DHP3	affected `firmware Ver. 1.26 and earlier`
BUFFALO INC.	WSR-2533DHPL2	affected `firmware Ver. 1.03 and earlier`
BUFFALO INC.	WSR-2533DHPLS	affected `firmware Ver. 1.07 and earlier`
BUFFALO INC.	WSR-2533DHPLB	affected `firmware Ver. 1.05`
BUFFALO INC.	WEX-1800AX4	affected `firmware Ver. 1.13 and earlier`
BUFFALO INC.	WEX-1800AX4EA	affected `firmware Ver. 1.13 and earlier`

References

https://www.buffalo.jp/news/detail/20240131-01.html

https://jvn.jp/en/vu/JVNVU97099584/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-43466

Description

Affected Products

References