CVE-2022-43443

Name of the Vulnerable Software and Affected Versions Buffalo network devices WSR-3200AX4S versions 1.26 and earlier Buffalo network devices WSR-3200AX4B version 1.25 Buffalo network devices WSR-2533DHP versions 1.08 and earlier Buffalo network devices WSR-2533DHP2 versions 1.22 and earlier Buffalo network devices WSR-A2533DHP2 versions 1.22 and earlier Buffalo network devices WSR-2533DHP3 versions 1.26 and earlier Buffalo network devices WSR-A2533DHP3 versions 1.26 and earlier Buffalo network devices WSR-2533DHPL versions 1.08 and earlier Buffalo network devices WSR-2533DHPL2 versions 1.03 and earlier Buffalo network devices WSR-2533DHPLS versions 1.07 and earlier Buffalo network devices WCR-1166DS versions 1.34 and earlier

Description The issue allows a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.

Recommendations For WSR-3200AX4S versions 1.26 and earlier, update to a version later than 1.26. For WSR-3200AX4B version 1.25, update to a version later than 1.25. For WSR-2533DHP versions 1.08 and earlier, update to a version later than 1.08. For WSR-2533DHP2 versions 1.22 and earlier, update to a version later than 1.22. For WSR-A2533DHP2 versions 1.22 and earlier, update to a version later than 1.22. For WSR-2533DHP3 versions 1.26 and earlier, update to a version later than 1.26. For WSR-A2533DHP3 versions 1.26 and earlier, update to a version later than 1.26. For WSR-2533DHPL versions 1.08 and earlier, update to a version later than 1.08. For WSR-2533DHPL2 versions 1.03 and earlier, update to a version later than 1.03. For WSR-2533DHPLS versions 1.07 and earlier, update to a version later than 1.07. For WCR-1166DS versions 1.34 and earlier, update to a version later than 1.34.