CVE-2022-43486
First published: Mon Dec 19 2022(Updated: )
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Buffalo Wsr-3200ax4s Firmware | <=1.26 | |
| Buffalo Wsr-3200ax4s Firmware | ||
| Buffalo WSR-3200AX4B Firmware | =1.25 | |
| Buffalo WSR-3200AX4B Firmware | ||
| Buffalo WSR-A2533DHP2 Firmware | <=1.22 | |
| Buffalo WSR-A2533DHP2 Firmware | ||
| Buffalo WSR-A2533DHP2 Firmware | <=1.22 | |
| Buffalo WSR-A2533DHP2 Firmware | ||
| Buffalo WSR-A2533DHP3 Firmware | <=1.26 | |
| Buffalo WSR-A2533DHP3 Firmware | ||
| Buffalo Wsr-a2533dhp3 | <=1.26 | |
| Buffalo WSR-A2533DHP3 Firmware | ||
| Buffalo Wsr-2533dhpl2-bk Firmware | <=1.03 | |
| Buffalo WSR-2533DHPL2-BK | ||
| Buffalo WSR-2533DHPLS | <=1.07 | |
| Buffalo WSR-2533DHPLS | ||
| Buffalo Wex-1800ax4ea Firmware | <=1.13 | |
| Buffalo Wex-1800ax4ea Firmware | ||
| Buffalo Wex-1800ax4ea Firmware | <=1.13 | |
| Buffalo Wex-1800ax4ea Firmware | ||
| Buffalo WSR-2533DHP Firmware | <=1.08 | |
| Buffalo WSR-2533DHP Firmware | ||
| Buffalo Wsr-2533dhpls Firmware | <=1.08 | |
| Buffalo Wsr-2533dhpl Firmware | ||
| Buffalo WCR-1166DS Firmware | <=1.34 | |
| Buffalo WCR-1166DS Firmware | ||
| All of | ||
| Buffalo Wsr-3200ax4s Firmware | <=1.26 | |
| Buffalo Wsr-3200ax4s Firmware | ||
| All of | ||
| Buffalo WSR-3200AX4B Firmware | =1.25 | |
| Buffalo WSR-3200AX4B Firmware | ||
| All of | ||
| Buffalo WSR-A2533DHP2 Firmware | <=1.22 | |
| Buffalo WSR-A2533DHP2 Firmware | ||
| All of | ||
| Buffalo WSR-A2533DHP2 Firmware | <=1.22 | |
| Buffalo WSR-A2533DHP2 Firmware | ||
| All of | ||
| Buffalo WSR-A2533DHP3 Firmware | <=1.26 | |
| Buffalo WSR-A2533DHP3 Firmware | ||
| All of | ||
| Buffalo Wsr-a2533dhp3 | <=1.26 | |
| Buffalo WSR-A2533DHP3 Firmware | ||
| All of | ||
| Buffalo Wsr-2533dhpl2-bk Firmware | <=1.03 | |
| Buffalo WSR-2533DHPL2-BK | ||
| All of | ||
| Buffalo WSR-2533DHPLS | <=1.07 | |
| Buffalo WSR-2533DHPLS | ||
| All of | ||
| Buffalo Wex-1800ax4ea Firmware | <=1.13 | |
| Buffalo Wex-1800ax4ea Firmware | ||
| All of | ||
| Buffalo Wex-1800ax4ea Firmware | <=1.13 | |
| Buffalo Wex-1800ax4ea Firmware | ||
| All of | ||
| Buffalo WSR-2533DHP Firmware | <=1.08 | |
| Buffalo WSR-2533DHP Firmware | ||
| All of | ||
| Buffalo Wsr-2533dhpls Firmware | <=1.08 | |
| Buffalo Wsr-2533dhpl Firmware | ||
| All of | ||
| Buffalo WCR-1166DS Firmware | <=1.34 | |
| Buffalo WCR-1166DS Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-43486.
Which Buffalo network devices are affected by this vulnerability?
The Buffalo network devices affected by this vulnerability are WSR-3200AX4S (firmware Ver. 1.26 and earlier), WSR-3200AX4B (firmware Ver. 1.25), WSR-2533DHP (firmware Ver. 1.08 and earlier), WSR-2533DHP2 (firmware Ver. 1.22 and earlier), WSR-A2533DHP2 (firmware Ver. 1.22 and earlier), WSR-2533DHP3 (firmware Ver. 1.26), WSR-A2533DHP3 (firmware Ver. 1.26), WSR-2533DHPL2 (firmware Ver. 1.03), WSR-2533DHPLS (firmware Ver. 1.07), WEX-1800AX4 (firmware Ver. 1.13), WEX-1800AX4EA (firmware Ver. 1.13), WSR-2533DHP, WSR-2533DHPL, and WCR-1166DS (firmware Ver. 1.34).
What is the severity rating of CVE-2022-43486?
The severity rating of CVE-2022-43486 is medium with a score of 6.8.
What is the recommended action to fix this vulnerability?
To fix this vulnerability, update the firmware of the affected Buffalo network devices to the latest version provided by Buffalo.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the JVN and Buffalo websites. Please refer to the provided references for details.
- agent/type
- agent/remedy
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/buffalo
- canonical/buffalo wsr-3200ax4s firmware
- version/buffalo wsr-3200ax4s firmware/1.26
- canonical/buffalo wsr-3200ax4b firmware
- version/buffalo wsr-3200ax4b firmware/1.25
- canonical/buffalo wsr-a2533dhp2 firmware
- version/buffalo wsr-a2533dhp2 firmware/1.22
- canonical/buffalo wsr-a2533dhp3 firmware
- version/buffalo wsr-a2533dhp3 firmware/1.26
- canonical/buffalo wsr-a2533dhp3
- version/buffalo wsr-a2533dhp3/1.26
- canonical/buffalo wsr-2533dhpl2-bk firmware
- version/buffalo wsr-2533dhpl2-bk firmware/1.03
- canonical/buffalo wsr-2533dhpl2-bk
- canonical/buffalo wsr-2533dhpls
- version/buffalo wsr-2533dhpls/1.07
- canonical/buffalo wex-1800ax4ea firmware
- version/buffalo wex-1800ax4ea firmware/1.13
- canonical/buffalo wsr-2533dhp firmware
- version/buffalo wsr-2533dhp firmware/1.08
- canonical/buffalo wsr-2533dhpls firmware
- version/buffalo wsr-2533dhpls firmware/1.08
- canonical/buffalo wsr-2533dhpl firmware
- canonical/buffalo wcr-1166ds firmware
- version/buffalo wcr-1166ds firmware/1.34