[Japanese]

JVNDB-2024-000087

BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection

Overview

Wireless LAN routers and wireless LAN repeaters provided by BUFFALO INC. contain an OS command injection vulnerability (CWE-78).

Yoshiki Mori and Masaki Kubo of National Institute of Information and Communications Technology, Cybersecurity Research Laboratory reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.2 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


BUFFALO INC.
  • WEX-1166DHP Ver. 1.23 and earlier
  • WEX-1166DHP2 Ver. 1.05 and earlier
  • WEX-1166DHPS Ver. 1.05 and earlier
  • WEX-300HPS/N Ver. 1.02 and earlier
  • WEX-300HPTX/N Ver. 1.02 and earlier
  • WEX-733DHP Ver. 1.64 and earlier
  • WEX-733DHP2 Ver. 1.03 and earlier
  • WEX-733DHPS Ver. 1.02 and earlier
  • WEX-733DHPTX Ver. 1.03 and earlier
  • WHR-1166DHP2 Ver. 2.95 and earlier
  • WHR-1166DHP3 Ver. 2.95 and earlier
  • WHR-1166DHP4 Ver. 2.95 and earlier
  • WSR-1166DHP3 Ver. 1.18 and earlier
  • WHR-1166DHP Ver. 2.92 and earlier
  • WHR-300HP2 Ver. 2.51 and earlier
  • WHR-600D Ver. 2.91 and earlier
  • WMR-300 Ver. 2.50 and earlier
  • WSR-600DHP Ver. 2.93 and earlier

Impact

If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
Vendor Information

BUFFALO INC.
CWE (What is CWE?)

  1. OS Command Injection(CWE-78) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2024-44072
References

  1. JVN : JVN#12824024
Revision History

  • [2024/08/23]
      Web page was published