ID

VAR-202408-2291


CVE

CVE-2024-44072


TITLE

OS command injection vulnerability in Buffalo wireless LAN routers and wireless LAN repeaters

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

DESCRIPTION

An OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed. Wireless provided by Buffalo Inc. Reporter: Mr. Yoshiki Mori, National Institute of Information and Communications Technology Cyber Security Research Lab

Trust: 1.62

sources: NVD: CVE-2024-44072 // JVNDB: JVNDB-2024-000087

AFFECTED PRODUCTS

vendor: Buffalo, model: wex-733dhps, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-1166dhp2, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: whr-1166dhp2, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-1166dhp, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-300hptx/n, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: whr-300hp2, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wmr-300, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-300hps/n, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: whr-1166dhp3, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: whr-600d, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-1166dhps, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-733dhp2, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-733dhptx, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wex-733dhp, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: whr-1166dhp4, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: whr-1166dhp, scope: -, version: -

Trust: 0.8

vendor: Buffalo, model: wsr-600dhp, scope: lte, version: ver. 2.93 and earlier s

Trust: 0.8

vendor: Buffalo, model: wsr-1166dhp3, scope: -, version: -

sources: JVNDB: JVNDB-2024-000087

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-44072
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2024-000087
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-44072
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.9
impactScore: 4.7
version: 3.1

Trust: 1.0

IPA: JVNDB-2024-000087
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087 // NVD: CVE-2024-44072

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [IPA evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087 // NVD: CVE-2024-44072

PATCH

title: NICTER Important notice regarding posting (7/19 update)
url: https://www.buffalo.jp/news/detail/20240719-01.html

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087

EXTERNAL IDS

db: JVN, id: JVN12824024

Trust: 1.8

db: NVD, id: CVE-2024-44072

Trust: 1.8

db: JVNDB, id: JVNDB-2024-000087

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087 // NVD: CVE-2024-44072

REFERENCES

url: https://jvn.jp/en/jp/jvn12824024/

Trust: 1.0

url: https://www.buffalo.jp/news/detail/20240719-01.html

Trust: 1.0

url: https://jvn.jp/jp/jvn12824024/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2024-000087 // NVD: CVE-2024-44072

SOURCES

db: JVNDB, id: JVNDB-2024-000087
db: NVD, id: CVE-2024-44072

LAST UPDATE DATE

2024-09-11T22:47:01.361000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-000087, date: 2024-08-23T03:20:00
db: NVD, id: CVE-2024-44072, date: 2024-09-10T20:35:09.990

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-000087, date: 2024-08-23T00:00:00
db: NVD, id: CVE-2024-44072, date: 2024-09-10T07:15:01.963