medium
6.8
Advisory Published
Updated

CVE-2022-39044

First published: Wed Dec 07 2022(Updated: )

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier.

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Arcadyan Buffalo Firmware<=1.87
Buffalo WCR-300 firmware
Buffalo WHR-HP-G300N<=2.00
Buffalo WHR-HP-G300N firmware
Buffalo WHR-HP-GN Firmware<=1.87
Buffalo WHR-HP-GN firmware
Buffalo WPL-05G300<=1.88
Buffalo WPL-05G300 firmware
Buffalo WZR-300HP firmware<=2.00
Buffalo WZR-300HP firmware
Buffalo WZR-450HP<=2.00
Buffalo WZR-450HP firmware
Buffalo WZR-600DHP firmware<=2.00
BUFFALO wireless LAN routers
Buffalo WZR-900DHP firmware<=1.15
Buffalo WZR-900DHP firmware
Buffalo WZR-HP-AG300H<=1.76
Buffalo WZR-HP-AG300H firmware
Buffalo WZR-HP-G302H<=1.86
Buffalo WZR-HP-G302H firmware
Buffalo WLAE-AG300N firmware<=1.86
Buffalo WLAE-AG300N firmware
Arcadyan Buffalo Firmware<=3.40
Buffalo FS-600DHP firmware
Buffalo FS-G300N<=3.14
Buffalo FS-G300N firmware
Buffalo FS-HP-G300N firmware<=3.33
Buffalo FS-HP-G300N firmware
Buffalo FS-R600DHP<=3.40
Buffalo FS-R600DHP firmware
Arcadyan Buffalo Firmware<=2.00
Buffalo BHR-4GRV firmware
Buffalo DWR-HP-G300NH<=1.84
Buffalo DWR-HP-G300NH firmware
Buffalo DWR-PG firmware<=1.83
Buffalo DWR-PG firmware
Buffalo HW-450HP-ZWE<=2.00
Buffalo HW-450HP-ZWE firmware
Buffalo Technology WER-A54G54<=1.43
Buffalo Technology WER-A54G54
Buffalo Technology WER-AG54 Firmware<=1.43
Buffalo WER-AG54 firmware
Buffalo Tech WER-AM54G54 Firmware<=1.43
Buffalo Tech WER-AM54G54 Firmware
Buffalo WER-AMG54<=1.43
Buffalo Technology WER-AMG54
Arcadyan Buffalo Firmware<=2.00
Buffalo WHR-300
Buffalo WHR-300HP firmware<=2.00
Buffalo WHR-300HP2
Buffalo WHR-AMG54 Firmware<=1.43
Buffalo WHR-AMG54 Firmware
Buffalo WHR-AMG54 Firmware<=1.43
Buffalo WHR-AMG54 firmware
Buffalo Technology WHR-AMPG<=1.52
Buffalo WHR-AMPG firmware
Buffalo WHR-G Firmware<=1.49
Buffalo Technology WHR-G Series
Buffalo WHR-G300N<=1.65
Buffalo WHR-HP-G300N
Buffalo WHR-G301N<=1.87
Buffalo WHR-G301N firmware
Buffalo WHR-G54S Firmware<=1.43
Buffalo Airstation WHR-G54S firmware
Buffalo WHR-G54S Firmware<=1.24
Buffalo WHR-G54S-NI firmware
Buffalo WHR-HP-AMPG firmware<=1.49
Buffalo Technology WHR-HP-AMPG
Buffalo WHR-HP-G firmware<=1.49
Buffalo Technology WHR-HP-G
Buffalo WHR-HP-G firmware<=1.43
Buffalo WHR-HP-G54 Firmware
Buffalo WLI-H4-D600 firmware<=1.88
Buffalo WLI-H4-D600 firmware
Buffalo WLI-TX4-AG300N<=1.53
Buffalo WLI-TX4-AG300N firmware
Arcadyan Buffalo Firmware<=1.60
Buffalo WS024BF firmware
Arcadyan Buffalo Firmware<=1.60
Buffalo WS024BF-NW firmware
Buffalo WZR2-G108 firmware<=1.33
Buffalo WZR2-G108 firmware
Buffalo Technology WZR2-G300N Firmware<=1.55
Buffalo Technology WZR2-G300N Firmware
Buffalo WZR-450HP<=2.00
Buffalo WZR-450HP
Buffalo WZR-450HP firmware<=2.00
Buffalo WZR-450HP-UB firmware
Buffalo WZR-600DHP2 firmware<=1.15
Buffalo WZR-600DHP2 firmware
Buffalo WZR-AGL300NH firmware<=1.55
Buffalo WZR-AGL300NH firmware
Buffalo WZR-AMPG144NH<=1.49
Buffalo WZR-AMPG144NH firmware
Buffalo Technology WZR-AMPG300NH<=1.51
Buffalo WZR-AMPG300NH firmware
Buffalo WZR-D1100H<=2.00
Buffalo WZR-D1100H firmware
Buffalo Technology WZR-G144N Firmware<=1.48
Buffalo WZR-G144N firmware
Buffalo Technology WZR-G144NH Firmware<=1.48
Buffalo WZR-G144NH firmware
Buffalo WZR-HP-G300NH firmware<=1.84
Buffalo WZR-HP-G300NH firmware
Buffalo WZR-HP-G301NH<=1.84
Buffalo WZR-HP-G301NH firmware
Buffalo WZR-HP-G450H<=1.90
Buffalo WZR-HP-G450H firmware

Remedy

https://www.buffalo.jp/news/detail/20221003-01.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-39044?

    CVE-2022-39044 is rated as a high severity vulnerability due to its potential to allow unauthorized remote command execution.

  • How do I fix CVE-2022-39044?

    To mitigate CVE-2022-39044, update the firmware of affected Buffalo devices to the latest versions that address this vulnerability.

  • Which Buffalo devices are affected by CVE-2022-39044?

    CVE-2022-39044 affects multiple Buffalo network devices, including WCR-300 firmware versions 1.87 and earlier, WHR-HP-G300N firmware versions 2.00 and earlier, among others.

  • What type of attack can CVE-2022-39044 facilitate?

    CVE-2022-39044 can allow an attacker with administrative privileges to execute arbitrary OS commands on vulnerable Buffalo devices.

  • Are there any workarounds for CVE-2022-39044 while waiting for a patch?

    There are no recommended workarounds for CVE-2022-39044, so updating the firmware is the best preventive action.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203