Sign-up

ID

VAR-201506-0008


CVE

CVE-2014-9284


TITLE

Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Trust: 0.8

sources: JVNDB: JVNDB-2015-000085

DESCRIPTION

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An authenticated attacker may be able to execute arbitrary OS commands. Buffalo WHR-1166DHP, etc

Trust: 2.52

sources: NVD: CVE-2014-9284 // JVNDB: JVNDB-2015-000085 // CNVD: CNVD-2015-03768 // BID: 75062 // VULHUB: VHN-77229

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03768

AFFECTED PRODUCTS

vendor:buffalotechmodel:whr-300hp2scope:lteversion:1.60

Trust: 1.0

vendor:buffalotechmodel:wmr-300scope:lteversion:1.60

Trust: 1.0

vendor:buffalotechmodel:bhr-4grv2scope:lteversion:1.04

Trust: 1.0

vendor:buffalotechmodel:wex-300scope:lteversion:1.60

Trust: 1.0

vendor:buffalotechmodel:whr-1166dhpscope:lteversion:1.60

Trust: 1.0

vendor:buffalotechmodel:whr-600dscope:lteversion:1.60

Trust: 1.0

vendor:buffalotechmodel:wsr-600dhpscope:lteversion:1.60

Trust: 1.0

vendor:buffalomodel:bhr-4grv2scope:lteversion:ver.1.04

Trust: 0.8

vendor:buffalomodel:wex-300scope:lteversion:ver.1.60

Trust: 0.8

vendor:buffalomodel:whr-1166dhpscope:lteversion:ver.1.60

Trust: 0.8

vendor:buffalomodel:whr-300hp2scope:lteversion:ver.1.60

Trust: 0.8

vendor:buffalomodel:whr-600dscope:lteversion:ver.1.60

Trust: 0.8

vendor:buffalomodel:wmr-300scope:lteversion:ver.1.60

Trust: 0.8

vendor:buffalomodel:wsr-600dhpscope:lteversion:ver.1.60

Trust: 0.8

vendor:buffalotechmodel:whr-1166dhpscope:ltversion:1.60

Trust: 0.6

vendor:buffalotechmodel:wsr-600dhpscope:ltversion:1.60

Trust: 0.6

vendor:buffalotechmodel:whr-600dscope:ltversion:1.60

Trust: 0.6

vendor:buffalotechmodel:whr-300hp2scope:ltversion:1.60

Trust: 0.6

vendor:buffalotechmodel:wmr-300scope:ltversion:1.60

Trust: 0.6

vendor:buffalotechmodel:wex-300scope:ltversion:1.60

Trust: 0.6

vendor:buffalotechmodel:bhr-4grv2scope:ltversion:1.04

Trust: 0.6

vendor:buffalotechmodel:wsr-600dhpscope:eqversion:1.60

Trust: 0.6

vendor:buffalotechmodel:whr-1166dhpscope:eqversion:1.60

Trust: 0.6

vendor:buffalotechmodel:whr-600dscope:eqversion:1.60

Trust: 0.6

vendor:buffalotechmodel:bhr-4grv2scope:eqversion:1.04

Trust: 0.6

vendor:buffalotechmodel:whr-300hp2scope:eqversion:1.60

Trust: 0.6

vendor:buffalotechmodel:wex-300scope:eqversion:1.60

Trust: 0.6

vendor:buffalotechmodel:wmr-300scope:eqversion:1.60

Trust: 0.6

vendor:buffalomodel:technology wsr-600dhpscope:eqversion:1.60

Trust: 0.3

vendor:buffalomodel:technology wmr-300scope:eqversion:1.60

Trust: 0.3

vendor:buffalomodel:technology whr-600dscope:eqversion:1.60

Trust: 0.3

vendor:buffalomodel:technology whr-300hp2scope:eqversion:1.60

Trust: 0.3

vendor:buffalomodel:technology whr-1166dhpscope:eqversion:1.60

Trust: 0.3

vendor:buffalomodel:technology wex-300scope:eqversion:1.60

Trust: 0.3

vendor:buffalomodel:technology bhr-4grv2scope:eqversion:1.04

Trust: 0.3

sources: CNVD: CNVD-2015-03768 // BID: 75062 // JVNDB: JVNDB-2015-000085 // CNNVD: CNNVD-201506-119 // NVD: CVE-2014-9284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9284
value: HIGH

Trust: 1.0

IPA: JVNDB-2015-000085
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03768
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-119
value: HIGH

Trust: 0.6

VULHUB: VHN-77229
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9284
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2015-000085
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-03768
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77229
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-03768 // VULHUB: VHN-77229 // JVNDB: JVNDB-2015-000085 // CNNVD: CNNVD-201506-119 // NVD: CVE-2014-9284

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-77229 // JVNDB: JVNDB-2015-000085 // NVD: CVE-2014-9284

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201506-119

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201506-119

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-000085

PATCH
title:BUFFALO INC. websiteurl:http://www.buffalotech.com/select-your-region#
Trust: 0.8
title:Patches for arbitrary Buffalo router arbitrary command execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/59524
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-03768 // 
            
            
            
            JVNDB: JVNDB-2015-000085

EXTERNAL IDS
db:JVNid:JVN50447904
Trust: 3.4
db:NVDid:CVE-2014-9284
Trust: 3.4
db:JVNDBid:JVNDB-2015-000085
Trust: 3.4
db:BIDid:75062
Trust: 1.0
db:CNNVDid:CNNVD-201506-119
Trust: 0.7
db:CNVDid:CNVD-2015-03768
Trust: 0.6
db:VULHUBid:VHN-77229
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-03768 // 
            
            
            
            VULHUB: VHN-77229 // 
            
            
            
            BID: 75062 // 
            
            
            
            JVNDB: JVNDB-2015-000085 // 
            
            
            
            CNNVD: CNNVD-201506-119 // 
            
            
            
            NVD: CVE-2014-9284

REFERENCES
url:http://jvn.jp/en/jp/jvn50447904/index.html
Trust: 3.4
url:http://jvndb.jvn.jp/jvndb/jvndb-2015-000085
Trust: 1.7
url:http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000085.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9284
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9284
Trust: 0.8
url:http://www.buffalotech.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-03768 // 
            
            
            
            VULHUB: VHN-77229 // 
            
            
            
            BID: 75062 // 
            
            
            
            JVNDB: JVNDB-2015-000085 // 
            
            
            
            CNNVD: CNNVD-201506-119 // 
            
            
            
            NVD: CVE-2014-9284

CREDITS
Masashi Sakai, and Satoshi Ogawa.
Trust: 0.3
sources:
            
            
            BID: 75062

SOURCES
db:CNVDid:CNVD-2015-03768
db:VULHUBid:VHN-77229
db:BIDid:75062
db:JVNDBid:JVNDB-2015-000085
db:CNNVDid:CNNVD-201506-119
db:NVDid:CVE-2014-9284

LAST UPDATE DATE
2024-08-14T13:57:34.470000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-03768date:2015-06-12T00:00:00
db:VULHUBid:VHN-77229date:2015-06-16T00:00:00
db:BIDid:75062date:2015-06-05T00:00:00
db:JVNDBid:JVNDB-2015-000085date:2015-06-10T00:00:00
db:CNNVDid:CNNVD-201506-119date:2015-06-09T00:00:00
db:NVDid:CVE-2014-9284date:2015-06-16T15:59:44.057

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-03768date:2015-06-12T00:00:00
db:VULHUBid:VHN-77229date:2015-06-09T00:00:00
db:BIDid:75062date:2015-06-05T00:00:00
db:JVNDBid:JVNDB-2015-000085date:2015-06-05T00:00:00
db:CNNVDid:CNNVD-201506-119date:2015-06-09T00:00:00
db:NVDid:CVE-2014-9284date:2015-06-09T00:59:00.073