CVE-2022-39044
Last modified
CVE-2022-39044 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier.
Metrics
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Buffalo | Wcr-300 Firmware | <= 1.87 |
| Buffalo | Whr-Hp-G300n Firmware | <= 2.00 |
| Buffalo | Whr-Hp-Gn Firmware | <= 1.87 |
| Buffalo | Wpl-05g300 Firmware | <= 1.88 |
| Buffalo | Wzr-300hp Firmware | <= 2.00 |
| Buffalo | Wzr-450hp Firmware | <= 2.00 |
| Buffalo | Wzr-600dhp Firmware | <= 2.00 |
| Buffalo | Wzr-900dhp Firmware | <= 1.15 |
| Buffalo | Wzr-Hp-Ag300h Firmware | <= 1.76 |
| Buffalo | Wzr-Hp-G302h Firmware | <= 1.86 |
| Buffalo | Wlae-Ag300n Firmware | <= 1.86 |
| Buffalo | Fs-600dhp Firmware | <= 3.40 |
| Buffalo | Fs-G300n Firmware | <= 3.14 |
| Buffalo | Fs-Hp-G300n Firmware | <= 3.33 |
| Buffalo | Fs-R600dhp Firmware | <= 3.40 |
| Buffalo | Bhr-4grv Firmware | <= 2.00 |
| Buffalo | Dwr-Hp-G300nh Firmware | <= 1.84 |
| Buffalo | Dwr-Pg Firmware | <= 1.83 |
| Buffalo | Hw-450hp-Zwe Firmware | <= 2.00 |
| Buffalo | Wer-A54g54 Firmware | <= 1.43 |
| Buffalo | Wer-Ag54 Firmware | <= 1.43 |
| Buffalo | Wer-Am54g54 Firmware | <= 1.43 |
| Buffalo | Wer-Amg54 Firmware | <= 1.43 |
| Buffalo | Whr-300 Firmware | <= 2.00 |
| Buffalo | Whr-300hp Firmware | <= 2.00 |
| Buffalo | Whr-Am54g54 Firmware | <= 1.43 |
| Buffalo | Whr-Amg54 Firmware | <= 1.43 |
| Buffalo | Whr-Ampg Firmware | <= 1.52 |
| Buffalo | Whr-G Firmware | <= 1.49 |
| Buffalo | Whr-G300n Firmware | <= 1.65 |
| Buffalo | Whr-G301n Firmware | <= 1.87 |
| Buffalo | Whr-G54s Firmware | <= 1.43 |
| Buffalo | Whr-G54s-Ni Firmware | <= 1.24 |
| Buffalo | Whr-Hp-Ampg Firmware | <= 1.49 |
| Buffalo | Whr-Hp-G Firmware | <= 1.49 |
| Buffalo | Whr-Hp-G54 Firmware | <= 1.43 |
| Buffalo | Wli-H4-D600 Firmware | <= 1.88 |
| Buffalo | Wli-Tx4-Ag300n Firmware | <= 1.53 |
| Buffalo | Ws024bf Firmware | <= 1.60 |
| Buffalo | Ws024bf-Nw Firmware | <= 1.60 |
| Buffalo | Wzr2-G108 Firmware | <= 1.33 |
| Buffalo | Wzr2-G300n Firmware | <= 1.55 |
| Buffalo | Wzr-450hp-Cwt Firmware | <= 2.00 |
| Buffalo | Wzr-450hp-Ub Firmware | <= 2.00 |
| Buffalo | Wzr-600dhp2 Firmware | <= 1.15 |
| Buffalo | Wzr-Agl300nh Firmware | <= 1.55 |
| Buffalo | Wzr-Ampg144nh Firmware | <= 1.49 |
| Buffalo | Wzr-Ampg300nh Firmware | <= 1.51 |
| Buffalo | Wzr-D1100h Firmware | <= 2.00 |
| Buffalo | Wzr-G144n Firmware | <= 1.48 |
Showing 50 of 54 affected configurations. See NVD for the full list.
References
- https://jvn.jp/en/vu/JVNVU92805279/index.htmlThird Party Advisory
- https://www.buffalo.jp/news/detail/20221003-01.htmlPatch, Vendor Advisory
- https://jvn.jp/en/vu/JVNVU92805279/index.htmlThird Party Advisory
- https://www.buffalo.jp/news/detail/20221003-01.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-39044?
How severe is CVE-2022-39044?
How do I fix CVE-2022-39044?
Are you affected by CVE-2022-39044?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST