CVE-2022-43443
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
19/12/2022
Last modified:
17/04/2025
Description
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:* | 1.26 (including) | |
| cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:* | ||
| cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:* | 1.22 (including) | |
| cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:* | 1.22 (including) | |
| cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:* | 1.26 (including) | |
| cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:* | 1.26 (including) | |
| cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:* | 1.03 (including) | |
| cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:* | 1.07 (including) |
To consult the complete list of CPE names with products and versions, see this page