CVE-2022-43443

Published: Dec 19, 2022Modified: Apr 17, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.

Affected (11)

Products: Buffalo: Wsr 3200ax4s Firmware, Wsr 3200ax4b Firmware, Wsr 2533dhp2 Firmware, Wsr A2533dhp2 Firmware, Wsr 2533dhp3 Firmware, Wsr A2533dhp3 Firmware, Wsr 2533dhpl2 Firmware, Wsr 2533dhpls Firmware, Wsr 2533dhp Firmware, Wsr 2533dhpl Firmware, Wcr 1166ds Firmware

Buffalo

11 products

Wsr 3200ax4s Firmware

Wsr 3200ax4b Firmware

Wsr 2533dhp2 Firmware

Wsr A2533dhp2 Firmware

Wsr 2533dhp3 Firmware

Wsr A2533dhp3 Firmware

Wsr 2533dhpl2 Firmware

Wsr 2533dhpls Firmware

Wsr 2533dhp Firmware

Wsr 2533dhpl Firmware

Wcr 1166ds Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 3200ax4s Firmware	Up to 1.26

Running on/with	Platform Versions
Buffalo Wsr 3200ax4s	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 3200ax4b Firmware	Version 1.25

Running on/with	Platform Versions
Buffalo Wsr 3200ax4b	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 2533dhp2 Firmware	Up to 1.22

Running on/with	Platform Versions
Buffalo Wsr 2533dhp2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr A2533dhp2 Firmware	Up to 1.22

Running on/with	Platform Versions
Buffalo Wsr A2533dhp2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 2533dhp3 Firmware	Up to 1.26

Running on/with	Platform Versions
Buffalo Wsr 2533dhp3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr A2533dhp3 Firmware	Up to 1.26

Running on/with	Platform Versions
Buffalo Wsr A2533dhp3	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 2533dhpl2 Firmware	Up to 1.03

Running on/with	Platform Versions
Buffalo Wsr 2533dhpl2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 2533dhpls Firmware	Up to 1.07

Running on/with	Platform Versions
Buffalo Wsr 2533dhpls	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 2533dhp Firmware	Up to 1.08

Running on/with	Platform Versions
Buffalo Wsr 2533dhp	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wsr 2533dhpl Firmware	Up to 1.08

Running on/with	Platform Versions
Buffalo Wsr 2533dhpl	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wcr 1166ds Firmware	Up to 1.34

Running on/with	Platform Versions
Buffalo Wcr 1166ds	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://jvn.jp/en/vu/JVNVU97099584/

Source: vultures@jpcert.or.jp

https://www.buffalo.jp/news/detail/20240131-01.html

Source: vultures@jpcert.or.jp

https://jvn.jp/en/vu/JVNVU97099584/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.buffalo.jp/news/detail/20240131-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.