JVN#12824024
BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
Overview
BUFFALO wireless LAN routers and wireless LAN repeaters contain an OS command injection vulnerability.
Products Affected
- WHR-1166DHP2 Ver. 2.95 and earlier
- WHR-1166DHP3 Ver. 2.95 and earlier
- WHR-1166DHP4 Ver. 2.95 and earlier
- WSR-1166DHP3 Ver. 1.18 and earlier
- WSR-600DHP Ver. 2.93 and earlier
- WEX-300HPTX/N Ver. 1.02 and earlier
- WEX-733DHP2 Ver. 1.03 and earlier
- WEX-1166DHP2 Ver. 1.05 and earlier
- WEX-1166DHPS Ver. 1.05 and earlier
- WEX-300HPS/N Ver. 1.02 and earlier
- WEX-733DHPS Ver. 1.02 and earlier
- WEX-733DHPTX Ver. 1.03 and earlier
- WEX-1166DHP Ver. 1.23 and earlier
- WEX-733DHP Ver. 1.64 and earlier
- WHR-1166DHP Ver. 2.92 and earlier
- WHR-300HP2 Ver. 2.51 and earlier
- WHR-600D Ver. 2.91 and earlier
- WMR-300 Ver. 2.50 and earlier
Description
Wireless LAN routers and wireless LAN repeaters provided by BUFFALO INC. contain an OS command injection vulnerability (CWE-78).
Impact
If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| BUFFALO INC. | Vulnerable | 2024/08/23 | BUFFALO INC. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Yoshiki Mori and Masaki Kubo of National Institute of Information and Communications Technology, Cybersecurity Research Laboratory reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2024-44072 |
| JVN iPedia |
JVNDB-2024-000087 |