CVE-2014-9284

Published Jun 9, 2015

Last updated 9 years ago

CVSS info 7.7

Overview

Description: The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.7
Impact score: 10
Exploitability score: 5.1
Vector string: AV:A/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:wsr-600dhp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "359A0C85-867C-4956-B9EF-DF246236056C",
            "versionEndIncluding": "1.60"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:wsr-600dhp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "219303A3-2247-4E89-8D11-594DE0AF7A67"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:whr-300hp2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45050739-EA75-4DB2-9B13-4F295F4FD4E4",
            "versionEndIncluding": "1.60"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:whr-300hp2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DBC2CA67-6E1C-4AA1-B3B2-B0CAC8F16BDC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:whr-1166dhp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCABEA51-6898-44A4-B23F-21FC52293ED3",
            "versionEndIncluding": "1.60"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:whr-1166dhp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D857063-0CB1-4B06-A7E5-39D5A995AB51"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:bhr-4grv2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DF7FB55C-6A22-4750-B44B-19E1427AF251"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:bhr-4grv2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2035F903-836C-476B-977A-7A97FB6F80B2",
            "versionEndIncluding": "1.04"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:wmr-300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2A3F352-8B87-466F-A0FA-BD14B9CF9D2F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:wmr-300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18A843F7-4F66-4998-BA89-E7CBAAA8D33C",
            "versionEndIncluding": "1.60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:wex-300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0DA4990B-8BD9-45FD-8398-BA8DC71FDEC3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:wex-300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD860D85-EA4D-4BCD-AC79-9A5E89BFB24B",
            "versionEndIncluding": "1.60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:whr-600d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1267DDE-4D61-4498-9DFD-B429CC49696E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalotech:whr-600d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAEFA4D3-3B67-4BB5-849D-AB12CA205860",
            "versionEndIncluding": "1.60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References