CVE-2022-43466

Published Dec 19, 2022
Last updated 9 months ago
CVSS medium 6.8
Overview

Description: OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
Source: vultures@jpcert.or.jp
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
Weaknesses

nvd@nist.gov: CWE-78
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07164878-06B0-49DB-88D9-C149D72E67C4",
            "versionEndIncluding": "1.26"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE5277EC-9BD1-40C3-B1B9-C67A1C45645C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30621C77-BB74-4862-A145-02113D009BF7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6BC6F897-46FE-4629-80EC-2740FBA080FF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A8060FF-BC01-493F-8C6A-367B6532CED1",
            "versionEndIncluding": "1.22"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "08F476D3-8329-44B1-A2B0-B2AEB500863F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EA7A67F-30F3-422E-9070-A2EA6353457E",
            "versionEndIncluding": "1.22"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9BF474D3-21B8-47D5-BC18-443295C51638"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1259443-53C8-4787-B427-81FD177E68A1",
            "versionEndIncluding": "1.26"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE0A99BA-2724-4F68-94F7-8825A0588E6F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70BDFC2C-E148-4485-B2E6-33CA2276F751",
            "versionEndIncluding": "1.26"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B82FF3D2-7ACF-4121-AF92-4A0714EB0C7F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "093EA797-1F83-4FAA-935E-31F8C9986857",
            "versionEndIncluding": "1.03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "31E5BEB1-FCA6-49E9-A244-7AE3DDF83373"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387619C1-3F85-43DC-A4B1-FF24E2AD8382",
            "versionEndIncluding": "1.07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "310ACFB8-13EE-4A72-A9A0-3BFDAFF1ED1A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34FE69C5-AC26-4839-9495-3D6F9E34C20B",
            "versionEndIncluding": "1.13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "751FA556-DDEC-4A69-A6F7-4959FAF6A5C8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C04C137D-C6A9-4FC6-AEF0-5F42E16B46E8",
            "versionEndIncluding": "1.13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "81507AF7-B640-4695-A095-20ADFD197C66"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
