CVE-2022-43486

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU97099584/
https://www.buffalo.jp/news/detail/20240131-01.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*

History

14 Feb 2024, 07:15

Type	Values Removed	Values Added
References	~~{'url': 'https://jvn.jp/en/vu/JVNVU97099584/index.html', 'tags': ['Third Party Advisory', 'VDB Entry'], 'source': 'vultures@jpcert.or.jp'}~~ ~~{'url': 'https://www.buffalo.jp/news/detail/20221205-01.html', 'tags': ['Patch', 'Vendor Advisory'], 'source': 'vultures@jpcert.or.jp'}~~	() https://jvn.jp/en/vu/JVNVU97099584/ - () https://www.buffalo.jp/news/detail/20240131-01.html -
Summary		(es) Vulnerabilidad de funcionalidad oculta en dispositivos de red Buffalo WSR-3200AX4S firmware Ver. 1.26 y anteriores, versión del firmware WSR-3200AX4B. 1.25, versión del firmware WSR-2533DHP. 1.08 y anteriores, versión del firmware WSR-2533DHP2. 1.22 y anteriores, versión del firmware WSR-A2533DHP2. 1.22 y anteriores, versión del firmware WSR-2533DHP3. 1.26 y anteriores, versión del firmware WSR-A2533DHP3. 1.26 y anteriores, versión del firmware WSR-2533DHPL. 1.08 y anteriores, versión del firmware WSR-2533DHPL2. 1.03 y anteriores, versión del firmware WSR-2533DHPLS. 1.07 y anteriores, versión del firmware WCR-1166DS. 1.34 y anteriores, versión del firmware WEX-1800AX4. 1.13 y anteriores, y la versión del firmware WEX-1800AX4EA. 1.13 y versiones anteriores permiten que un atacante adyacente a la red con privilegios administrativos habilite las funcionalidades de depuración y ejecute un comando arbitrario en el dispositivo afectado.
Summary	(en) Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected device.	(en) Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.

27 Dec 2022, 20:29

Type	Values Removed	Values Added
References	~~(MISC) https://www.buffalo.jp/news/detail/20221205-01.html -~~	(MISC) https://www.buffalo.jp/news/detail/20221205-01.html - Patch, Vendor Advisory
References	~~(MISC) https://jvn.jp/en/vu/JVNVU97099584/index.html -~~	(MISC) https://jvn.jp/en/vu/JVNVU97099584/index.html - Third Party Advisory, VDB Entry
First Time		Buffalo wex-1800ax4 Buffalo wex-1800ax4ea Firmware Buffalo wsr-2533dhp Firmware Buffalo wsr-a2533dhp2 Buffalo wex-1800ax4 Firmware Buffalo wsr-2533dhpl2 Firmware Buffalo wsr-a2533dhp2 Firmware Buffalo wcr-1166ds Firmware Buffalo wsr-2533dhp3 Buffalo wsr-2533dhp3 Firmware Buffalo wsr-2533dhpls Firmware Buffalo wsr-3200ax4b Firmware Buffalo wsr-2533dhpl2 Buffalo wsr-a2533dhp3 Buffalo wsr-3200ax4s Firmware Buffalo wsr-3200ax4b Buffalo wsr-3200ax4s Buffalo wsr-2533dhp Buffalo wsr-2533dhpls Buffalo wsr-2533dhpl Firmware Buffalo wsr-2533dhp2 Firmware Buffalo wcr-1166ds Buffalo wsr-a2533dhp3 Firmware Buffalo Buffalo wex-1800ax4ea Buffalo wsr-2533dhpl Buffalo wsr-2533dhp2
CWE		NVD-CWE-Other
CPE		cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:::::::: cpe:2.3:h:buffalo:wsr-2533dhpls:-:::::::* cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:::::::* cpe:2.3:h:buffalo:wsr-3200ax4b:-:::::::* cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:::::::: cpe:2.3:h:buffalo:wsr-2533dhpl:-:::::::* cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:::::::: cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:::::::: cpe:2.3:h:buffalo:wsr-a2533dhp3:-:::::::* cpe:2.3:o:buffalo:wcr-1166ds_firmware:::::::: cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:::::::: cpe:2.3:h:buffalo:wcr-1166ds:-:::::::* cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:::::::: cpe:2.3:h:buffalo:wsr-2533dhp3:-:::::::* cpe:2.3:h:buffalo:wex-1800ax4:-:::::::* cpe:2.3:h:buffalo:wsr-2533dhp:-:::::::* cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:::::::: cpe:2.3:o:buffalo:wex-1800ax4_firmware:::::::: cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:::::::: cpe:2.3:h:buffalo:wsr-3200ax4s:-:::::::* cpe:2.3:h:buffalo:wex-1800ax4ea:-:::::::* cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:::::::: cpe:2.3:h:buffalo:wsr-2533dhp2:-:::::::* cpe:2.3:o:buffalo:wsr-2533dhp_firmware:::::::: cpe:2.3:h:buffalo:wsr-a2533dhp2:-:::::::* cpe:2.3:h:buffalo:wsr-2533dhpl2:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8

19 Dec 2022, 04:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-19 03:15

Updated : 2024-02-14 07:15

NVD link : CVE-2022-43486

Mitre link : CVE-2022-43486

CVE.ORG link : CVE-2022-43486

JSON object : View

Products Affected

buffalo

wsr-3200ax4s_firmware
wsr-3200ax4s
wsr-a2533dhp2_firmware
wsr-2533dhp
wsr-2533dhp2
wex-1800ax4ea_firmware
wsr-2533dhp3
wex-1800ax4ea
wsr-2533dhpl2
wcr-1166ds_firmware
wsr-3200ax4b_firmware
wex-1800ax4_firmware
wsr-2533dhpl2_firmware
wsr-2533dhpl_firmware
wsr-2533dhp2_firmware
wsr-a2533dhp3
wsr-3200ax4b
wsr-2533dhpls_firmware
wsr-2533dhpl
wsr-a2533dhp3_firmware
wex-1800ax4
wcr-1166ds
wsr-a2533dhp2
wsr-2533dhp_firmware
wsr-2533dhpls
wsr-2533dhp3_firmware

CWE

NVD-CWE-Other

6.8 /10