[{"vendor":"buffalo_inc","product":"wcr_1166ds","defaultStatus":"unknown","cpes":["cpe:2.3:h:buffalo_inc:wcr_1166ds:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"1.32","versionType":"custom","status":"affected"}]}]

{"timestamp":"2024-07-15T16:06:58.717753Z","id":"CVE-2024-26023","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"BUFFALO INC.","product":"WCR-1166DS","versions":[{"version":"firmware Ver. 1.32 and earlier","status":"affected"}]},{"vendor":"BUFFALO INC.","product":"WSR-1166DHP","versions":[{"version":"firmware Ver. 1.14 and earlier","status":"affected"}]},{"vendor":"BUFFALO INC.","product":"WSR-1166DHP2","versions":[{"version":"firmware Ver. 1.14 and earlier","status":"affected"}]},{"vendor":"BUFFALO INC.","product":"WSR-2533DHP","versions":[{"version":"firmware Ver. 1.06 and earlier","status":"affected"}]},{"vendor":"BUFFALO INC.","product":"WSR-2533DHPL","versions":[{"version":"firmware Ver. 1.06 and earlier","status":"affected"}]},{"vendor":"BUFFALO INC.","product":"WSR-2533DHP2","versions":[{"version":"firmware Ver. 1.10 and earlier","status":"affected"}]},{"vendor":"BUFFALO INC.","product":"WSR-A2533DHP2","versions":[{"version":"firmware Ver. 1.10 and earlier","status":"affected"}]}]

AND
     OR
          *cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.33
     OR
          cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:buffalo:wsr-1166dhp2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15
     OR
          cpe:2.3:h:buffalo:wsr-1166dhp2:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:buffalo:wsr-1166dhp_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15
     OR
          cpe:2.3:h:buffalo:wsr-1166dhp:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.11
     OR
          cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.07
     OR
          cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.07
     OR
          cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.11
     OR
          cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*

CVE: https://jvn.jp/en/jp/JVN58236836/ Types: Third Party Advisory

CVE: https://www.buffalo.jp/news/detail/20240410-01.html Types: Vendor Advisory

JPCERT/CC: https://jvn.jp/en/jp/JVN58236836/ Types: Third Party Advisory

JPCERT/CC: https://www.buffalo.jp/news/detail/20240410-01.html Types: Vendor Advisory

https://jvn.jp/en/jp/JVN58236836/

https://www.buffalo.jp/news/detail/20240410-01.html

CISA-ADP AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA-ADP CWE-78

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

JPCERT/CC https://jvn.jp/en/jp/JVN58236836/ [No types assigned]

JPCERT/CC https://www.buffalo.jp/news/detail/20240410-01.html [No types assigned]