← Back

CVE-2022-43486

nvd nist
Published: Dec 19, 2022Modified: Apr 17, 2025

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD

Description

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.

Affected (13)

Buffalo
13 products
Wsr 3200ax4s Firmware
Wsr 3200ax4b Firmware
Wsr 2533dhp2 Firmware
Wsr A2533dhp2 Firmware
Wsr 2533dhp3 Firmware
Wsr A2533dhp3 Firmware
Wsr 2533dhpl2 Firmware
Wsr 2533dhpls Firmware
Wex 1800ax4 Firmware
Wex 1800ax4ea Firmware
Wsr 2533dhp Firmware
Wsr 2533dhpl Firmware
Wcr 1166ds Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 3200ax4s Firmware
Up to 1.26
Running on/withPlatform Versions
Buffalo
Wsr 3200ax4s
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 3200ax4b Firmware
Version 1.25
Running on/withPlatform Versions
Buffalo
Wsr 3200ax4b
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 2533dhp2 Firmware
Up to 1.22
Running on/withPlatform Versions
Buffalo
Wsr 2533dhp2
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr A2533dhp2 Firmware
Up to 1.22
Running on/withPlatform Versions
Buffalo
Wsr A2533dhp2
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 2533dhp3 Firmware
Up to 1.26
Running on/withPlatform Versions
Buffalo
Wsr 2533dhp3
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr A2533dhp3 Firmware
Up to 1.26
Running on/withPlatform Versions
Buffalo
Wsr A2533dhp3
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 2533dhpl2 Firmware
Up to 1.03
Running on/withPlatform Versions
Buffalo
Wsr 2533dhpl2
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 2533dhpls Firmware
Up to 1.07
Running on/withPlatform Versions
Buffalo
Wsr 2533dhpls
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wex 1800ax4 Firmware
Up to 1.13
Running on/withPlatform Versions
Buffalo
Wex 1800ax4
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wex 1800ax4ea Firmware
Up to 1.13
Running on/withPlatform Versions
Buffalo
Wex 1800ax4ea
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 2533dhp Firmware
Up to 1.08
Running on/withPlatform Versions
Buffalo
Wsr 2533dhp
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wsr 2533dhpl Firmware
Up to 1.08
Running on/withPlatform Versions
Buffalo
Wsr 2533dhpl
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wcr 1166ds Firmware
Up to 1.34
Running on/withPlatform Versions
Buffalo
Wcr 1166ds
All versions

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.