MEDIUM🇵🇱 Wersja polska

CVE-2022-43466

CVSS 6.8v3.1pub. 2022-12-19upd. 2025-04-17

OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Buffalo Wex 1800ax4

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wex 1800ax4ea

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wex 1800ax4ea Firmware

    OS
    Buffalo
    ≤ 1.13
  • Buffalo Wex 1800ax4 Firmware

    OS
    Buffalo
    ≤ 1.13
  • Buffalo Wsr 2533dhp2

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr 2533dhp2 Firmware

    OS
    Buffalo
    ≤ 1.22
  • Buffalo Wsr 2533dhp3

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr 2533dhp3 Firmware

    OS
    Buffalo
    ≤ 1.26
  • Buffalo Wsr 2533dhpl2

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr 2533dhpl2 Firmware

    OS
    Buffalo
    ≤ 1.03
  • Buffalo Wsr 2533dhpls

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr 2533dhpls Firmware

    OS
    Buffalo
    ≤ 1.07
  • Buffalo Wsr 3200ax4b

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr 3200ax4b Firmware

    OS
    Buffalo
    1.25
  • Buffalo Wsr 3200ax4s

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr 3200ax4s Firmware

    OS
    Buffalo
    ≤ 1.26
  • Buffalo Wsr A2533dhp2

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr A2533dhp2 Firmware

    OS
    Buffalo
    ≤ 1.22
  • Buffalo Wsr A2533dhp3

    HW
    Buffalo
    wszystkie wersje
  • Buffalo Wsr A2533dhp3 Firmware

    OS
    Buffalo
    ≤ 1.26
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-23486CRITICAL9.8PL ✓ten sam produkt

Buffalo WSR-2533DHP — hasło przechowywane w postaci jawnej (plaintext)

CVE-2022-43443HIGH8.8ten sam produkt

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute a...

CVE-2024-26023MEDIUM4.2ten sam produkt

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrar...

CVE-2022-43486MEDIUM6.8ten sam produkt

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an admin...

CVE-2021-20090CRITICAL9.8⚠ KEVten sam vendor

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR...