CVE-2022-43466

Name of the Vulnerable Software and Affected Versions Buffalo network devices WSR-3200AX4S versions 1.26 and earlier Buffalo network devices WSR-3200AX4B version 1.25 Buffalo network devices WSR-2533DHP2 versions 1.22 and earlier Buffalo network devices WSR-A2533DHP2 versions 1.22 and earlier Buffalo network devices WSR-2533DHP3 versions 1.26 and earlier Buffalo network devices WSR-A2533DHP3 versions 1.26 and earlier Buffalo network devices WSR-2533DHPL2 versions 1.03 and earlier Buffalo network devices WSR-2533DHPLS versions 1.07 and earlier Buffalo network devices WEX-1800AX4 versions 1.13 and earlier Buffalo network devices WEX-1800AX4EA versions 1.13 and earlier

Description The issue allows a network-adjacent attacker with administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.

Recommendations For Buffalo network devices WSR-3200AX4S versions 1.26 and earlier, update to a version later than 1.26. For Buffalo network devices WSR-3200AX4B version 1.25, update to a version later than 1.25. For Buffalo network devices WSR-2533DHP2 versions 1.22 and earlier, update to a version later than 1.22. For Buffalo network devices WSR-A2533DHP2 versions 1.22 and earlier, update to a version later than 1.22. For Buffalo network devices WSR-2533DHP3 versions 1.26 and earlier, update to a version later than 1.26. For Buffalo network devices WSR-A2533DHP3 versions 1.26 and earlier, update to a version later than 1.26. For Buffalo network devices WSR-2533DHPL2 versions 1.03 and earlier, update to a version later than 1.03. For Buffalo network devices WSR-2533DHPLS versions 1.07 and earlier, update to a version later than 1.07. For Buffalo network devices WEX-1800AX4 versions 1.13 and earlier, update to a version later than 1.13. For Buffalo network devices WEX-1800AX4EA versions 1.13 and earlier, update to a version later than 1.13.