U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2022-43466

Change History

CVE Modified by JPCERT/CC 2/14/2024 2:15:08 AM

Action Type Old Value New Value
Changed Description
Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
Added Reference

								
							
							
						
JPCERT/CC https://jvn.jp/en/vu/JVNVU97099584/ [No types assigned]
Added Reference

								
							
							
						
JPCERT/CC https://www.buffalo.jp/news/detail/20240131-01.html [No types assigned]
Removed Reference
JPCERT/CC https://jvn.jp/en/vu/JVNVU97099584/index.html

								
						
Removed Reference
JPCERT/CC https://www.buffalo.jp/news/detail/20221205-01.html