cvelistv5 - cve-2022-43486

CVE-2022-43486 (GCVE-0-2022-43486)

Vulnerability from cvelistv5

Published

2022-12-19 00:00

Modified

2025-04-17 14:34

Severity ?

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

Hidden Functionality

Summary

References

URL

Tags

	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU97099584/
	vultures@jpcert.or.jp	https://www.buffalo.jp/news/detail/20240131-01.html
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU97099584/
	af854a3a-2127-422b-91ae-364da2661108	https://www.buffalo.jp/news/detail/20240131-01.html

Impacted products

Vendor

Product

Version

BUFFALO INC.

WXR-5700AX7S

Version: firmware Ver. 1.27 and earlier

BUFFALO INC.	WXR-5700AX7B	Version: firmware Ver. 1.27 and earlier
BUFFALO INC.	WSR-3200AX4S	Version: firmware Ver. 1.26 and earlier
BUFFALO INC.	WSR-3200AX4B	Version: firmware Ver. 1.25
BUFFALO INC.	WSR-2533DHP	Version: firmware Ver. 1.08 and earlier
BUFFALO INC.	WSR-2533DHP2	Version: firmware Ver. 1.22 and earlier
BUFFALO INC.	WSR-A2533DHP2	Version: firmware Ver. 1.22 and earlier
BUFFALO INC.	WSR-2533DHP3	Version: firmware Ver. 1.26 and earlier
BUFFALO INC.	WSR-A2533DHP3	Version: firmware Ver. 1.26 and earlier
BUFFALO INC.	WSR-2533DHPL	Version: firmware Ver. 1.08 and earlier
BUFFALO INC.	WSR-2533DHPL2	Version: firmware Ver. 1.03 and earlier
BUFFALO INC.	WSR-2533DHPLS	Version: firmware Ver. 1.07 and earlier
BUFFALO INC.	WSR-2533DHPLB	Version: firmware Ver. 1.05
BUFFALO INC.	WCR-1166DS	Version: firmware Ver. 1.34 and earlier
BUFFALO INC.	WEX-1800AX4	Version: firmware Ver. 1.13 and earlier
BUFFALO INC.	WEX-1800AX4EA	Version: firmware Ver. 1.13 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:32:59.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU97099584/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-43486",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T14:33:03.714783Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T14:34:25.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WXR-5700AX7S",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.27 and earlier"
            }
          ]
        },
        {
          "product": "WXR-5700AX7B",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.27 and earlier"
            }
          ]
        },
        {
          "product": "WSR-3200AX4S",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.26 and earlier"
            }
          ]
        },
        {
          "product": "WSR-3200AX4B",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.25"
            }
          ]
        },
        {
          "product": "WSR-2533DHP",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.08 and earlier"
            }
          ]
        },
        {
          "product": "WSR-2533DHP2",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.22 and earlier"
            }
          ]
        },
        {
          "product": "WSR-A2533DHP2",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.22 and earlier"
            }
          ]
        },
        {
          "product": "WSR-2533DHP3",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.26 and earlier"
            }
          ]
        },
        {
          "product": "WSR-A2533DHP3",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.26 and earlier"
            }
          ]
        },
        {
          "product": "WSR-2533DHPL",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.08 and earlier"
            }
          ]
        },
        {
          "product": "WSR-2533DHPL2",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.03 and earlier"
            }
          ]
        },
        {
          "product": "WSR-2533DHPLS",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.07 and earlier"
            }
          ]
        },
        {
          "product": "WSR-2533DHPLB",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.05"
            }
          ]
        },
        {
          "product": "WCR-1166DS",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.34 and earlier"
            }
          ]
        },
        {
          "product": "WEX-1800AX4",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.13 and earlier"
            }
          ]
        },
        {
          "product": "WEX-1800AX4EA",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Ver. 1.13 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hidden Functionality",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T06:44:41.723Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU97099584/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-43486",
    "datePublished": "2022-12-19T00:00:00.000Z",
    "dateReserved": "2022-12-05T00:00:00.000Z",
    "dateUpdated": "2025-04-17T14:34:25.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43486\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2022-12-19T03:15:10.633\",\"lastModified\":\"2025-04-17T15:15:48.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de funcionalidad oculta en dispositivos de red Buffalo WSR-3200AX4S firmware Ver. 1.26 y anteriores, versi\u00f3n del firmware WSR-3200AX4B. 1.25, versi\u00f3n del firmware WSR-2533DHP. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-A2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-A2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-2533DHPL. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHPL2. 1.03 y anteriores, versi\u00f3n del firmware WSR-2533DHPLS. 1.07 y anteriores, versi\u00f3n del firmware WCR-1166DS. 1.34 y anteriores, versi\u00f3n del firmware WEX-1800AX4. 1.13 y anteriores, y la versi\u00f3n del firmware WEX-1800AX4EA. 1.13 y versiones anteriores permiten que un atacante adyacente a la red con privilegios administrativos habilite las funcionalidades de depuraci\u00f3n y ejecute un comando arbitrario en el dispositivo afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.26\",\"matchCriteriaId\":\"07164878-06B0-49DB-88D9-C149D72E67C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE5277EC-9BD1-40C3-B1B9-C67A1C45645C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30621C77-BB74-4862-A145-02113D009BF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC6F897-46FE-4629-80EC-2740FBA080FF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.22\",\"matchCriteriaId\":\"0A8060FF-BC01-493F-8C6A-367B6532CED1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08F476D3-8329-44B1-A2B0-B2AEB500863F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.22\",\"matchCriteriaId\":\"9EA7A67F-30F3-422E-9070-A2EA6353457E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BF474D3-21B8-47D5-BC18-443295C51638\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.26\",\"matchCriteriaId\":\"C1259443-53C8-4787-B427-81FD177E68A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE0A99BA-2724-4F68-94F7-8825A0588E6F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.26\",\"matchCriteriaId\":\"70BDFC2C-E148-4485-B2E6-33CA2276F751\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B82FF3D2-7ACF-4121-AF92-4A0714EB0C7F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.03\",\"matchCriteriaId\":\"093EA797-1F83-4FAA-935E-31F8C9986857\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31E5BEB1-FCA6-49E9-A244-7AE3DDF83373\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.07\",\"matchCriteriaId\":\"387619C1-3F85-43DC-A4B1-FF24E2AD8382\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"310ACFB8-13EE-4A72-A9A0-3BFDAFF1ED1A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.13\",\"matchCriteriaId\":\"34FE69C5-AC26-4839-9495-3D6F9E34C20B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"751FA556-DDEC-4A69-A6F7-4959FAF6A5C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.13\",\"matchCriteriaId\":\"C04C137D-C6A9-4FC6-AEF0-5F42E16B46E8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81507AF7-B640-4695-A095-20ADFD197C66\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.08\",\"matchCriteriaId\":\"366FE02C-D030-4D36-B9C4-167A58D38174\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1574DB7C-A19C-45B5-AD37-4C0AFE8CC798\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.08\",\"matchCriteriaId\":\"14367351-45B7-460E-80C2-D72609245466\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C23EE312-9ADE-4B0B-B7ED-F61AC441E5DB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"EE85F7D6-76DB-47C6-BB61-1572B53E8D48\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5537A90-A060-4CB4-8912-D7994AE75196\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU97099584/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.buffalo.jp/news/detail/20240131-01.html\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://jvn.jp/en/vu/JVNVU97099584/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.buffalo.jp/news/detail/20240131-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.buffalo.jp/news/detail/20240131-01.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/vu/JVNVU97099584/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:32:59.550Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43486\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-17T14:33:03.714783Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-17T14:33:35.561Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"BUFFALO INC.\", \"product\": \"WXR-5700AX7S\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.27 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WXR-5700AX7B\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.27 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-3200AX4S\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.26 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-3200AX4B\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.25\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-2533DHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.08 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-2533DHP2\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.22 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-A2533DHP2\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.22 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-2533DHP3\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.26 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-A2533DHP3\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.26 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-2533DHPL\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.08 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-2533DHPL2\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.03 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-2533DHPLS\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.07 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WSR-2533DHPLB\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.05\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WCR-1166DS\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.34 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-1800AX4\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.13 and earlier\"}]}, {\"vendor\": \"BUFFALO INC.\", \"product\": \"WEX-1800AX4EA\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware Ver. 1.13 and earlier\"}]}], \"references\": [{\"url\": \"https://www.buffalo.jp/news/detail/20240131-01.html\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU97099584/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Hidden Functionality\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-02-14T06:44:41.723Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-43486\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-17T14:34:25.560Z\", \"dateReserved\": \"2022-12-05T00:00:00.000Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2022-12-19T00:00:00.000Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

var-202212-0948

Vulnerability from variot

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. * OS Command injection (CWE-78) - CVE-2022-43466 It was * OS Command injection (CWE-78) - CVE-2022-43443 It was * Issue with enabling undocumented debugging features (CWE-912) - CVE-2022-43486 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party who can log into the management screen of the device may CGI When a specially crafted request is sent to a program, arbitrary commands are executed when a specific management screen is opened. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WCR-1166DS firmware Ver. 1.34 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202212-0948",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wsr-3200ax4s",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.26"
      },
      {
        "model": "wsr-2533dhpl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.08"
      },
      {
        "model": "wsr-2533dhp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.08"
      },
      {
        "model": "wcr-1166ds",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.34"
      },
      {
        "model": "wsr-3200ax4b",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.25"
      },
      {
        "model": "wsr-a2533dhp2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.22"
      },
      {
        "model": "wsr-2533dhpls",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.07"
      },
      {
        "model": "wex-1800ax4",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.13"
      },
      {
        "model": "wsr-2533dhpl2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.03"
      },
      {
        "model": "wsr-2533dhp2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.22"
      },
      {
        "model": "wex-1800ax4ea",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.13"
      },
      {
        "model": "wsr-2533dhp3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.26"
      },
      {
        "model": "wsr-a2533dhp3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "buffalo",
        "version": "1.26"
      },
      {
        "model": "wsr-2533dhpl2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-2533dhplb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-2533dhpl",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wxr-5700ax7b",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-a2533dhp2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-2533dhpls",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-3200ax4b",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wcr-1166ds",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wex-1800ax4ea",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-2533dhp3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-2533dhp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wex-1800ax4",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wxr-5700ax7s",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-3200ax4s",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-a2533dhp3",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-1166dhp2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wxr-11000xe12",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      },
      {
        "model": "wsr-2533dhp2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "cve": "CVE-2022-43486",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "id": "CVE-2022-43486",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002775",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-43486",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-002775",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202212-2828",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. * OS Command injection (CWE-78) - CVE-2022-43466 It was * OS Command injection (CWE-78) - CVE-2022-43443 It was * Issue with enabling undocumented debugging features (CWE-912) - CVE-2022-43486 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party who can log into the management screen of the device may CGI When a specially crafted request is sent to a program, arbitrary commands are executed when a specific management screen is opened. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WCR-1166DS firmware Ver. 1.34 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-43486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-43486"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVNVU97099584",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43486",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-43486",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-43486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "id": "VAR-202212-0948",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6166666666666667
  },
  "last_update_date": "2024-08-14T15:16:20.591000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Buffalo Co., Ltd. \u00a0 announcement page",
        "trust": 0.8,
        "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
      },
      {
        "title": "Buffalo network devices Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218326"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Unpublished features (CWE-912) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://jvn.jp/en/vu/jvnvu97099584/"
      },
      {
        "trust": 1.0,
        "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97099584/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://jvn.jp/en/vu/jvnvu97099584/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-43486/"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002775.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-43486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-43486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-43486"
      },
      {
        "date": "2022-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      },
      {
        "date": "2022-12-19T03:15:10.633000",
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-43486"
      },
      {
        "date": "2024-02-14T06:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      },
      {
        "date": "2022-12-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      },
      {
        "date": "2024-02-14T07:15:09.107000",
        "db": "NVD",
        "id": "CVE-2022-43486"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Buffalo network equipment",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002775"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202212-2828"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2022-43486

Vulnerability from fkie_nvd

Published

2022-12-19 03:15

Modified

2025-04-17 15:15

Severity ?

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU97099584/
	vultures@jpcert.or.jp	https://www.buffalo.jp/news/detail/20240131-01.html
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU97099584/
	af854a3a-2127-422b-91ae-364da2661108	https://www.buffalo.jp/news/detail/20240131-01.html

Impacted products

Vendor	Product	Version
buffalo	wsr-3200ax4s_firmware	*
buffalo	wsr-3200ax4s	-
buffalo	wsr-3200ax4b_firmware	1.25
buffalo	wsr-3200ax4b	-
buffalo	wsr-2533dhp2_firmware	*
buffalo	wsr-2533dhp2	-
buffalo	wsr-a2533dhp2_firmware	*
buffalo	wsr-a2533dhp2	-
buffalo	wsr-2533dhp3_firmware	*
buffalo	wsr-2533dhp3	-
buffalo	wsr-a2533dhp3_firmware	*
buffalo	wsr-a2533dhp3	-
buffalo	wsr-2533dhpl2_firmware	*
buffalo	wsr-2533dhpl2	-
buffalo	wsr-2533dhpls_firmware	*
buffalo	wsr-2533dhpls	-
buffalo	wex-1800ax4_firmware	*
buffalo	wex-1800ax4	-
buffalo	wex-1800ax4ea_firmware	*
buffalo	wex-1800ax4ea	-
buffalo	wsr-2533dhp_firmware	*
buffalo	wsr-2533dhp	-
buffalo	wsr-2533dhpl_firmware	*
buffalo	wsr-2533dhpl	-
buffalo	wcr-1166ds_firmware	*
buffalo	wcr-1166ds	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07164878-06B0-49DB-88D9-C149D72E67C4",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE5277EC-9BD1-40C3-B1B9-C67A1C45645C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "30621C77-BB74-4862-A145-02113D009BF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC6F897-46FE-4629-80EC-2740FBA080FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8060FF-BC01-493F-8C6A-367B6532CED1",
              "versionEndIncluding": "1.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F476D3-8329-44B1-A2B0-B2AEB500863F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA7A67F-30F3-422E-9070-A2EA6353457E",
              "versionEndIncluding": "1.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF474D3-21B8-47D5-BC18-443295C51638",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1259443-53C8-4787-B427-81FD177E68A1",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0A99BA-2724-4F68-94F7-8825A0588E6F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BDFC2C-E148-4485-B2E6-33CA2276F751",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B82FF3D2-7ACF-4121-AF92-4A0714EB0C7F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "093EA797-1F83-4FAA-935E-31F8C9986857",
              "versionEndIncluding": "1.03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E5BEB1-FCA6-49E9-A244-7AE3DDF83373",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "387619C1-3F85-43DC-A4B1-FF24E2AD8382",
              "versionEndIncluding": "1.07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "310ACFB8-13EE-4A72-A9A0-3BFDAFF1ED1A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FE69C5-AC26-4839-9495-3D6F9E34C20B",
              "versionEndIncluding": "1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "751FA556-DDEC-4A69-A6F7-4959FAF6A5C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04C137D-C6A9-4FC6-AEF0-5F42E16B46E8",
              "versionEndIncluding": "1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81507AF7-B640-4695-A095-20ADFD197C66",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "366FE02C-D030-4D36-B9C4-167A58D38174",
              "versionEndIncluding": "1.08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1574DB7C-A19C-45B5-AD37-4C0AFE8CC798",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14367351-45B7-460E-80C2-D72609245466",
              "versionEndIncluding": "1.08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23EE312-9ADE-4B0B-B7ED-F61AC441E5DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE85F7D6-76DB-47C6-BB61-1572B53E8D48",
              "versionEndIncluding": "1.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5537A90-A060-4CB4-8912-D7994AE75196",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de funcionalidad oculta en dispositivos de red Buffalo WSR-3200AX4S firmware Ver. 1.26 y anteriores, versi\u00f3n del firmware WSR-3200AX4B. 1.25, versi\u00f3n del firmware WSR-2533DHP. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-A2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-A2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-2533DHPL. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHPL2. 1.03 y anteriores, versi\u00f3n del firmware WSR-2533DHPLS. 1.07 y anteriores, versi\u00f3n del firmware WCR-1166DS. 1.34 y anteriores, versi\u00f3n del firmware WEX-1800AX4. 1.13 y anteriores, y la versi\u00f3n del firmware WEX-1800AX4EA. 1.13 y versiones anteriores permiten que un atacante adyacente a la red con privilegios administrativos habilite las funcionalidades de depuraci\u00f3n y ejecute un comando arbitrario en el dispositivo afectado."
    }
  ],
  "id": "CVE-2022-43486",
  "lastModified": "2025-04-17T15:15:48.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-19T03:15:10.633",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/vu/JVNVU97099584/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jvn.jp/en/vu/JVNVU97099584/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

cve-2022-43486

Vulnerability from jvndb

Published

2022-12-12 15:28

Modified

2024-02-14 15:45

Severity ?

6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Buffalo network devices

Details

Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2022-43466 * OS Command Injection (CWE-78) - CVE-2022-43443 * Hidden Functionality (CWE-912) - CVE-2022-43486 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.

References

Type

URL

	JVN	http://jvn.jp/en/vu/JVNVU97099584/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43466
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43443
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43486
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43443
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43466
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43486
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Hidden Functionality(CWE-912)	https://cwe.mitre.org/data/definitions/912.html

Impacted products

Vendor

Product

	BUFFALO INC.	WCR-1166DS firmware
	BUFFALO INC.	WCR-1166DS firmware
	BUFFALO INC.	WEX-1800AX4EA firmware
	BUFFALO INC.	WEX-1800AX4 firmware
	BUFFALO INC.	WSR-1166DHP2 firmware
	BUFFALO INC.	WSR-1166DHP firmware
	BUFFALO INC.	WSR-2533DHP2 firmware
	BUFFALO INC.	WSR-2533DHP3-BK firmware
	BUFFALO INC.	WSR-2533DHPL2-BK firmware
	BUFFALO INC.	WSR-2533DHPLB firmware
	BUFFALO INC.	WSR-2533DHPLS firmware
	BUFFALO INC.	WSR-2533DHPL firmware
	BUFFALO INC.	WSR-2533DHP firmware
	BUFFALO INC.	WSR-3200AX4B firmware
	BUFFALO INC.	WSR-3200AX4S firmware
	BUFFALO INC.	WSR-A2533DHP2 firmware
	BUFFALO INC.	WSR-A2533DHP3 firmware
	BUFFALO INC.	WXR-11000XE12 firmware
	BUFFALO INC.	WXR-5700AX7B firmware
	BUFFALO INC.	WXR-5700AX7S firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002775.html",
  "dc:date": "2024-02-14T15:45+09:00",
  "dcterms:issued": "2022-12-12T15:28+09:00",
  "dcterms:modified": "2024-02-14T15:45+09:00",
  "description": "Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below.\r\n\r\n  * OS Command Injection (CWE-78) - CVE-2022-43466\r\n  * OS Command Injection (CWE-78) - CVE-2022-43443\r\n  * Hidden Functionality (CWE-912) - CVE-2022-43486\r\n\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002775.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:buffalo_inc:wcr-1166ds_firmware",
      "@product": "WCR-1166DS firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wcr-1166ds_firmware",
      "@product": "WCR-1166DS firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wex-1800ax4ea_firmware",
      "@product": "WEX-1800AX4EA firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wex-1800ax4_firmware",
      "@product": "WEX-1800AX4 firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-1166dhp2_firmware",
      "@product": "WSR-1166DHP2 firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-1166dhp_firmware",
      "@product": "WSR-1166DHP firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-2533dhp2_firmware",
      "@product": "WSR-2533DHP2 firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-2533dhp3-bk_firmware",
      "@product": "WSR-2533DHP3-BK firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-2533dhpl2-bk_firmware",
      "@product": "WSR-2533DHPL2-BK firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-2533dhplb_firmware",
      "@product": "WSR-2533DHPLB firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-2533dhpls_firmware",
      "@product": "WSR-2533DHPLS firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-2533dhpl_firmware",
      "@product": "WSR-2533DHPL firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-2533dhp_firmware",
      "@product": "WSR-2533DHP firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-3200ax4b_firmware",
      "@product": "WSR-3200AX4B firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-3200ax4s_firmware",
      "@product": "WSR-3200AX4S firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-a2533dhp2_firmware",
      "@product": "WSR-A2533DHP2 firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wsr-a2533dhp3_firmware",
      "@product": "WSR-A2533DHP3 firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wxr-11000xe12_firmware",
      "@product": "WXR-11000XE12 firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wxr-5700ax7b_firmware",
      "@product": "WXR-5700AX7B firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:buffalo_inc:wxr-5700ax7s_firmware",
      "@product": "WXR-5700AX7S firmware",
      "@vendor": "BUFFALO INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002775",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU97099584/index.html",
      "@id": "JVNVU#97099584",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43466",
      "@id": "CVE-2022-43466",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43443",
      "@id": "CVE-2022-43443",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43486",
      "@id": "CVE-2022-43486",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43443",
      "@id": "CVE-2022-43443",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43466",
      "@id": "CVE-2022-43466",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43486",
      "@id": "CVE-2022-43486",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/912.html",
      "@id": "CWE-912",
      "@title": "Hidden Functionality(CWE-912)"
    }
  ],
  "title": "Multiple vulnerabilities in Buffalo network devices"
}

gsd-2022-43486

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected device.

Aliases

CVE-2022-43486

Aliases

CVE-2022-43486

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43486",
    "id": "GSD-2022-43486"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43486"
      ],
      "details": "Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected device.",
      "id": "GSD-2022-43486",
      "modified": "2023-12-13T01:19:31.774064Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2022-43486",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WXR-5700AX7S",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.27 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WXR-5700AX7B",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.27 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-3200AX4S",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.26 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-3200AX4B",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.25"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.08 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHP2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.22 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-A2533DHP2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.22 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHP3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.26 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-A2533DHP3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.26 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.08 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPL2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.03 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPLS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.07 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WSR-2533DHPLB",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.05"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WCR-1166DS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.34 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WEX-1800AX4",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.13 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WEX-1800AX4EA",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "firmware Ver. 1.13 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "BUFFALO INC."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Hidden Functionality"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.buffalo.jp/news/detail/20240131-01.html",
            "refsource": "MISC",
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          },
          {
            "name": "https://jvn.jp/en/vu/JVNVU97099584/",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/vu/JVNVU97099584/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07164878-06B0-49DB-88D9-C149D72E67C4",
                    "versionEndIncluding": "1.26",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AE5277EC-9BD1-40C3-B1B9-C67A1C45645C",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
                    "matchCriteriaId": "30621C77-BB74-4862-A145-02113D009BF7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6BC6F897-46FE-4629-80EC-2740FBA080FF",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0A8060FF-BC01-493F-8C6A-367B6532CED1",
                    "versionEndIncluding": "1.22",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "08F476D3-8329-44B1-A2B0-B2AEB500863F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9EA7A67F-30F3-422E-9070-A2EA6353457E",
                    "versionEndIncluding": "1.22",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9BF474D3-21B8-47D5-BC18-443295C51638",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C1259443-53C8-4787-B427-81FD177E68A1",
                    "versionEndIncluding": "1.26",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AE0A99BA-2724-4F68-94F7-8825A0588E6F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "70BDFC2C-E148-4485-B2E6-33CA2276F751",
                    "versionEndIncluding": "1.26",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B82FF3D2-7ACF-4121-AF92-4A0714EB0C7F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "093EA797-1F83-4FAA-935E-31F8C9986857",
                    "versionEndIncluding": "1.03",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "31E5BEB1-FCA6-49E9-A244-7AE3DDF83373",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "387619C1-3F85-43DC-A4B1-FF24E2AD8382",
                    "versionEndIncluding": "1.07",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "310ACFB8-13EE-4A72-A9A0-3BFDAFF1ED1A",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "34FE69C5-AC26-4839-9495-3D6F9E34C20B",
                    "versionEndIncluding": "1.13",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "751FA556-DDEC-4A69-A6F7-4959FAF6A5C8",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C04C137D-C6A9-4FC6-AEF0-5F42E16B46E8",
                    "versionEndIncluding": "1.13",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "81507AF7-B640-4695-A095-20ADFD197C66",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "366FE02C-D030-4D36-B9C4-167A58D38174",
                    "versionEndIncluding": "1.08",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1574DB7C-A19C-45B5-AD37-4C0AFE8CC798",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "14367351-45B7-460E-80C2-D72609245466",
                    "versionEndIncluding": "1.08",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C23EE312-9ADE-4B0B-B7ED-F61AC441E5DB",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EE85F7D6-76DB-47C6-BB61-1572B53E8D48",
                    "versionEndIncluding": "1.34",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F5537A90-A060-4CB4-8912-D7994AE75196",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices."
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de funcionalidad oculta en dispositivos de red Buffalo WSR-3200AX4S firmware Ver. 1.26 y anteriores, versi\u00f3n del firmware WSR-3200AX4B. 1.25, versi\u00f3n del firmware WSR-2533DHP. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-A2533DHP2. 1.22 y anteriores, versi\u00f3n del firmware WSR-2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-A2533DHP3. 1.26 y anteriores, versi\u00f3n del firmware WSR-2533DHPL. 1.08 y anteriores, versi\u00f3n del firmware WSR-2533DHPL2. 1.03 y anteriores, versi\u00f3n del firmware WSR-2533DHPLS. 1.07 y anteriores, versi\u00f3n del firmware WCR-1166DS. 1.34 y anteriores, versi\u00f3n del firmware WEX-1800AX4. 1.13 y anteriores, y la versi\u00f3n del firmware WEX-1800AX4EA. 1.13 y versiones anteriores permiten que un atacante adyacente a la red con privilegios administrativos habilite las funcionalidades de depuraci\u00f3n y ejecute un comando arbitrario en el dispositivo afectado."
          }
        ],
        "id": "CVE-2022-43486",
        "lastModified": "2024-02-14T07:15:09.107",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 0.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-12-19T03:15:10.633",
        "references": [
          {
            "source": "vultures@jpcert.or.jp",
            "url": "https://jvn.jp/en/vu/JVNVU97099584/"
          },
          {
            "source": "vultures@jpcert.or.jp",
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          }
        ],
        "sourceIdentifier": "vultures@jpcert.or.jp",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-Other"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ghsa-2r4f-phw2-gpqp

Vulnerability from github

Published

2022-12-19 03:30

Modified

2025-04-17 15:32

Severity ?

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43486"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-19T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected device.",
  "id": "GHSA-2r4f-phw2-gpqp",
  "modified": "2025-04-17T15:32:26Z",
  "published": "2022-12-19T03:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43486"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU97099584"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-43486 (GCVE-0-2022-43486)

Vulnerability from cvelistv5

var-202212-0948

Vulnerability from variot

fkie_cve-2022-43486

Vulnerability from fkie_nvd

cve-2022-43486

Vulnerability from jvndb

gsd-2022-43486

Vulnerability from gsd

ghsa-2r4f-phw2-gpqp

Vulnerability from github

Tags

Sightings

Nomenclature