JVNDB-2022-002775

Multiple vulnerabilities in Buffalo network devices

Overview

Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below.

* OS Command Injection (CWE-78) - CVE-2022-43466
* OS Command Injection (CWE-78) - CVE-2022-43443
* Hidden Functionality (CWE-912) - CVE-2022-43486

Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 6.8 (Medium)
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base score has been assigned for CVE-2022-43486


CVSS V3 Severity:
Base Metrics: 4.3 (Medium)
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base score has been assigned for CVE-2022-43466


CVSS V3 Severity:
Base Metrics: 6.3 (Medium)
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base score has been assigned for CVE-2022-43443

Affected Products

BUFFALO INC.
  • WCR-1166DS firmware Ver. 1.34 and earlier - CVE-2022-43443
  • WCR-1166DS firmware Ver. 1.34 and earlier - CVE-2022-43486
  • WEX-1800AX4 firmware Ver. 1.13 and earlier - CVE-2022-43466
  • WEX-1800AX4 firmware Ver. 1.13 and earlier - CVE-2022-43486
  • WEX-1800AX4EA firmware Ver. 1.13 and earlier - CVE-2022-43466
  • WEX-1800AX4EA firmware Ver. 1.13 and earlier - CVE-2022-43486
  • WSR-1166DHP firmware Ver. 1.16 and earlier - CVE-2022-43443
  • WSR-1166DHP2 firmware Ver. 1.17 and earlier - CVE-2022-43443
  • WSR-2533DHP firmware Ver. 1.08 and earlier - CVE-2022-43443
  • WSR-2533DHP firmware Ver. 1.08 and earlier - CVE-2022-43486
  • WSR-2533DHP2 firmware Ver. 1.22 and earlier - CVE-2022-43466
  • WSR-2533DHP2 firmware Ver. 1.22 and earlier - CVE-2022-43443
  • WSR-2533DHP2 firmware Ver. 1.22 and earlier - CVE-2022-43486
  • WSR-2533DHP3-BK firmware Ver. 1.26 and earlier - CVE-2022-43466
  • WSR-2533DHP3-BK firmware Ver. 1.26 and earlier - CVE-2022-43443
  • WSR-2533DHP3-BK firmware Ver. 1.26 and earlier - CVE-2022-43486
  • WSR-2533DHPL firmware Ver. 1.08 and earlier - CVE-2022-43443
  • WSR-2533DHPL firmware Ver. 1.08 and earlier - CVE-2022-43486
  • WSR-2533DHPL2-BK firmware Ver. 1.03 and earlier - CVE-2022-43466
  • WSR-2533DHPL2-BK firmware Ver. 1.03 and earlier - CVE-2022-43443
  • WSR-2533DHPL2-BK firmware Ver. 1.03 and earlier - CVE-2022-43486
  • WSR-2533DHPLB firmware Ver. 1.05 - CVE-2022-43443
  • WSR-2533DHPLB firmware Ver. 1.05 - CVE-2022-43466
  • WSR-2533DHPLB firmware Ver. 1.05 - CVE-2022-43486
  • WSR-2533DHPLS firmware Ver. 1.07 and earlier - CVE-2022-43466
  • WSR-2533DHPLS firmware Ver. 1.07 and earlier - CVE-2022-43443
  • WSR-2533DHPLS firmware Ver. 1.07 and earlier - CVE-2022-43486
  • WSR-3200AX4B firmware Ver. 1.25 - CVE-2022-43466
  • WSR-3200AX4B firmware Ver. 1.25 - CVE-2022-43443
  • WSR-3200AX4B firmware Ver. 1.25 - CVE-2022-43486
  • WSR-3200AX4S firmware Ver. 1.26 and earlier - CVE-2022-43443
  • WSR-3200AX4S firmware Ver. 1.26 and earlier - CVE-2022-43466
  • WSR-3200AX4S firmware Ver. 1.26 and earlier - CVE-2022-43486
  • WSR-A2533DHP2 firmware Ver. 1.22 and earlier - CVE-2022-43466
  • WSR-A2533DHP2 firmware Ver. 1.22 and earlier - CVE-2022-43443
  • WSR-A2533DHP2 firmware Ver. 1.22 and earlier - CVE-2022-43486
  • WSR-A2533DHP3 firmware Ver. 1.26 and earlier - CVE-2022-43466
  • WSR-A2533DHP3 firmware Ver. 1.26 and earlier - CVE-2022-43443
  • WSR-A2533DHP3 firmware Ver. 1.26 and earlier - CVE-2022-43486
  • WXR-11000XE12 firmware Ver. 1.10 and earlier - CVE-2022-43443
  • WXR-5700AX7B firmware Ver. 1.27 and earlier - CVE-2022-43443
  • WXR-5700AX7B firmware Ver. 1.27 and earlier - CVE-2022-43466
  • WXR-5700AX7B firmware Ver. 1.27 and earlier - CVE-2022-43486
  • WXR-5700AX7S firmware Ver. 1.27 and earlier - CVE-2022-43443
  • WXR-5700AX7S firmware Ver. 1.27 and earlier - CVE-2022-43466
  • WXR-5700AX7S firmware Ver. 1.27 and earlier - CVE-2022-43486

Impact

* An authenticated user may execute arbitrary OS commands by sending a specially crafted request and accessing a certain URL on the management console of the affected device - CVE-2022-43466
* An unauthenticated attacker may execute arbitrary OS commands by sending a specially crafted request to the affected device - CVE-2022-43443
* An authenticated user may enable the hidden functionality and execute arbitrary commands on the affected device - CVE-2022-43486

Solution

[Update the firmware]
Update firmware to the latest version according to the information provided by the developer.

Vendor Information

BUFFALO INC.

CWE

  1. OS Command Injection (CWE-78)
  2. Hidden Functionality (CWE-912)

CVE

  1. CVE-2022-43466
  2. CVE-2022-43443
  3. CVE-2022-43486

References

  1. JVN : JVNVU#97099584

Revision History

  • [2022/12/12]
      Web page was published
  • [2024/02/14]
      Affected Products : Products were added