ID

VAR-202408-2291


CVE

CVE-2024-44072


TITLE

OS command injection vulnerability in Buffalo wireless LAN routers and wireless LAN repeaters

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

DESCRIPTION

Wireless LAN routers and wireless LAN repeaters provided by Buffalo Inc. contain an OS command injection vulnerability (CWE-78).

This vulnerability information was reported to IPA by the following reporters under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporters: Mr. Yoshiki Mori and Mr. Masaki Kubo, Cyber Security Research Lab, National Institute of Information and Communications Technology.

A user who is logged in to the management screen of the product in question can send a crafted request from a specific screen, which may result in arbitrary OS commands being executed.

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

AFFECTED PRODUCTS

vendor: Buffalo model: wex-733dhps scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-1166dhp2 scope: - version: -

Trust: 0.8

vendor: Buffalo model: whr-1166dhp2 scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-1166dhp scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-300hptx/n scope: - version: -

Trust: 0.8

vendor: Buffalo model: whr-300hp2 scope: - version: -

Trust: 0.8

vendor: Buffalo model: wmr-300 scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-300hps/n scope: - version: -

Trust: 0.8

vendor: Buffalo model: whr-1166dhp3 scope: - version: -

Trust: 0.8

vendor: Buffalo model: whr-600d scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-1166dhps scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-733dhp2 scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-733dhptx scope: - version: -

Trust: 0.8

vendor: Buffalo model: wex-733dhp scope: - version: -

Trust: 0.8

vendor: Buffalo model: whr-1166dhp4 scope: - version: -

Trust: 0.8

vendor: Buffalo model: whr-1166dhp scope: - version: -

Trust: 0.8

vendor: Buffalo model: wsr-600dhp scope: lte version: ver. 2.93 and earlier s

Trust: 0.8

vendor: Buffalo model: wsr-1166dhp3 scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2024-000087
value: HIGH

Trust: 0.8

IPA: JVNDB-2024-000087
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

PROBLEMTYPE DATA

problemtype: OS command injection (CWE-78) [IPA evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

PATCH

title: Important notice regarding the NICTER posting (7/19 update) url: https://www.buffalo.jp/news/detail/20240719-01.html

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

EXTERNAL IDS

db: JVN id: JVN12824024

Trust: 0.8

db: NVD id: CVE-2024-44072

Trust: 0.8

db: JVNDB id: JVNDB-2024-000087

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

REFERENCES

url: https://jvn.jp/jp/jvn12824024/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

SOURCES

db: JVNDB id: JVNDB-2024-000087

LAST UPDATE DATE

2024-08-25T23:35:44.814000+00:00


SOURCES UPDATE DATE

db: JVNDB id: JVNDB-2024-000087 date: 2024-08-23T03:20:00

SOURCES RELEASE DATE

db: JVNDB id: JVNDB-2024-000087 date: 2024-08-23T00:00:00