CVE-2014-9284
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
09/06/2015
Last modified:
12/04/2025
Description
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
Impact
Base Score 2.0
7.70
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:buffalotech:wsr-600dhp_firmware:*:*:*:*:*:*:*:* | 1.60 (including) | |
| cpe:2.3:h:buffalotech:wsr-600dhp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:buffalotech:whr-300hp2_firmware:*:*:*:*:*:*:*:* | 1.60 (including) | |
| cpe:2.3:h:buffalotech:whr-300hp2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:buffalotech:whr-1166dhp_firmware:*:*:*:*:*:*:*:* | 1.60 (including) | |
| cpe:2.3:h:buffalotech:whr-1166dhp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:buffalotech:bhr-4grv2_firmware:*:*:*:*:*:*:*:* | 1.04 (including) | |
| cpe:2.3:h:buffalotech:bhr-4grv2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:buffalotech:wmr-300_firmware:*:*:*:*:*:*:*:* | 1.60 (including) | |
| cpe:2.3:h:buffalotech:wmr-300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:buffalotech:wex-300_firmware:*:*:*:*:*:*:*:* | 1.60 (including) | |
| cpe:2.3:h:buffalotech:wex-300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:buffalotech:whr-600d_firmware:*:*:*:*:*:*:*:* | 1.60 (including) | |
| cpe:2.3:h:buffalotech:whr-600d:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page