CVE-2022-34840
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
07/12/2022
Last modified:
23/04/2025
Description
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:buffalo:wzr-300hp_firmware:*:*:*:*:*:*:*:* | 2.00 (including) | |
| cpe:2.3:h:buffalo:wzr-300hp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wzr-450hp_firmware:*:*:*:*:*:*:*:* | 2.00 (including) | |
| cpe:2.3:h:buffalo:wzr-450hp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wzr-600dhp_firmware:*:*:*:*:*:*:*:* | 2.00 (including) | |
| cpe:2.3:h:buffalo:wzr-600dhp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wzr-900dhp_firmware:*:*:*:*:*:*:*:* | 1.15 (including) | |
| cpe:2.3:h:buffalo:wzr-900dhp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:* | 2.00 (including) | |
| cpe:2.3:h:buffalo:hw-450hp-zwe:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:*:*:*:*:*:*:*:* | 2.00 (including) | |
| cpe:2.3:h:buffalo:wzr-450hp-cwt:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:*:*:*:*:*:*:*:* | 2.00 (including) | |
| cpe:2.3:h:buffalo:wzr-450hp-ub:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wzr-600dhp2_firmware:*:*:*:*:*:*:*:* | 1.15 (including) |
To consult the complete list of CPE names with products and versions, see this page