CVE-2022-40966
CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier.
Affected (75)
Products: Buffalo: Wcr 300 Firmware, Whr Hp G300n Firmware, Whr Hp Gn Firmware, Wpl 05g300 Firmware, Wrm D2133hp Firmware, Wrm D2133hs Firmware, Wtr M2133hp Firmware, Wtr M2133hs Firmware, Wxr 1900dhp Firmware, Wxr 1900dhp2 Firmware, Wxr 1900dhp3 Firmware, Wxr 5950ax12 Firmware, Wxr 6000ax12b Firmware, Wxr 6000ax12s Firmware, Wzr 300hp Firmware, Wzr 450hp Firmware, Wzr 600dhp Firmware, Wzr 900dhp Firmware, Wzr 1750dhp2 Firmware, Wzr Hp Ag300h Firmware, Wzr Hp G302h Firmware, Wem 1266 Firmware, Wem 1266wp Firmware, Wlae Ag300n Firmware, Fs 600dhp Firmware, Fs G300n Firmware, Fs Hp G300n Firmware, Fs R600dhp Firmware, Bhr 4grv Firmware, Dwr Hp G300nh Firmware, Dwr Pg Firmware, Hw 450hp Zwe Firmware, Wer A54g54 Firmware, Wer Ag54 Firmware, Wer Am54g54 Firmware, Wer Amg54 Firmware, Whr 300 Firmware, Whr 300hp Firmware, Whr Am54g54 Firmware, Whr Amg54 Firmware, Whr Ampg Firmware, Whr G Firmware, Whr G300n Firmware, Whr G301n Firmware, Whr G54s Firmware, Whr G54s Ni Firmware, Whr Hp Ampg Firmware, Whr Hp G Firmware, Whr Hp G54 Firmware, Wli H4 D600 Firmware, Ws024bf Firmware, Ws024bf Nw Firmware, Wxr 1750dhp Firmware, Wxr 1750dhp2 Firmware, Wzr 1166dhp Firmware, Wzr 1166dhp2 Firmware, Wzr 1750dhp Firmware, Wzr2 G300n Firmware, Wzr 450hp Cwt Firmware, Wzr 450hp Ub Firmware, Wzr 600dhp2 Firmware, Wzr 600dhp3 Firmware, Wzr 900dhp2 Firmware, Wzr Agl300nh Firmware, Wzr Ampg144nh Firmware, Wzr Ampg300nh Firmware, Wzr D1100h Firmware, Wzr G144n Firmware, Wzr G144nh Firmware, Wzr Hp G300nh Firmware, Wzr Hp G301nh Firmware, Wzr Hp G450h Firmware, Wzr S1750dhp Firmware, Wzr S600dhp Firmware, Wzr S900dhp Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.87 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wcr 300 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Hp G300n | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.87 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Hp Gn | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.88 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wpl 05g300 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.85 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wrm D2133hp | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.96 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wrm D2133hs | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.85 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wtr M2133hp | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.96 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wtr M2133hs | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.50 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 1900dhp | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.59 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 1900dhp2 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.63 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 1900dhp3 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 3.40 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 5950ax12 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 3.40 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 6000ax12b | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 3.40 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 6000ax12s | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 300hp | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 450hp | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 600dhp | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.15 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 900dhp | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.31 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 1750dhp2 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.76 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Hp Ag300h | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.86 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Hp G302h | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.85 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wem 1266 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.85 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wem 1266wp | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.86 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wlae Ag300n | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 3.40 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Fs 600dhp | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 3.14 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Fs G300n | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 3.33 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Fs Hp G300n | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 3.40 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Fs R600dhp | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Bhr 4grv | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.84 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Dwr Hp G300nh | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.83 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Dwr Pg | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Hw 450hp Zwe | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wer A54g54 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wer Ag54 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wer Am54g54 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wer Amg54 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr 300 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr 300hp | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Am54g54 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Amg54 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.52 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Ampg | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.49 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr G | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.65 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr G300n | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.87 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr G301n | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr G54s | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.24 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr G54s Ni | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Hp Ampg | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.49 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Hp G | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.43 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Whr Hp G54 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.88 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wli H4 D600 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.60 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Ws024bf | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.60 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Ws024bf Nw | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.60 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 1750dhp | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.60 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wxr 1750dhp2 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.18 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 1166dhp | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.18 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 1166dhp2 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.30 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 1750dhp | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.55 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr2 G300n | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 450hp Cwt | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 450hp Ub | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.15 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 600dhp2 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.19 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 600dhp3 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.19 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr 900dhp2 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.55 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Agl300nh | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.49 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Ampg144nh | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.51 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Ampg300nh | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.00 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr D1100h | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr G144n | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr G144nh | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.84 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Hp G300nh | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.84 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Hp G301nh | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 1.90 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr Hp G450h | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.32 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr S1750dhp | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.19 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr S600dhp | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
|  | Up to 2.19 |

| Running on/with | Platform Versions |
|---|---|
| Buffalo Wzr S900dhp | All versions |
References (4)
Source: vultures@jpcert.or.jp
Patch, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory