PT-2015-4178 · Buffalo · Whr-600D+6

Masashi Sakai

Published

2015-06-09

Updated

2015-06-16

CVE-2014-9284

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Buffalo WHR-1166DHP versions 1.60 and earlier Buffalo WSR-600DHP versions 1.60 and earlier Buffalo WHR-600D versions 1.60 and earlier Buffalo WHR-300HP2 versions 1.60 and earlier Buffalo WMR-300 versions 1.60 and earlier Buffalo WEX-300 versions 1.60 and earlier Buffalo BHR-4GRV2 versions 1.04 and earlier

Description The issue allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

Recommendations For Buffalo WHR-1166DHP versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WSR-600DHP versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WHR-600D versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WHR-300HP2 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WMR-300 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WEX-300 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2014-9284

Affected Products

Bhr-4Grv2

Wex-300

Whr-1166Dhp

Whr-300Hp2

Whr-600D

Wmr-300

Wsr-600Dhp

PT-2015-4178 · Buffalo · Whr-600D+6

CVE-2014-9284

Weakness Enumeration

Related Identifiers

Affected Products

References · 3