CVE-2022-39044 — MEDIUM (6.8)

Q: How severe is CVE-2022-39044?

CVE-2022-39044 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-39044?

Check the references section above for vendor advisories and patch information. Affected products include: Buffalo Wcr-300 Firmware, Buffalo Wcr-300, Buffalo Whr-Hp-G300N Firmware, Buffalo Whr-Hp-G300N, Buffalo Whr-Hp-Gn Firmware.

Vulnerability Description

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Buffalo	Wcr-300 Firmware	<= 1.87
Buffalo	Wcr-300	-
Buffalo	Whr-Hp-G300N Firmware	<= 2.00
Buffalo	Whr-Hp-G300N	-
Buffalo	Whr-Hp-Gn Firmware	<= 1.87
Buffalo	Whr-Hp-Gn	-
Buffalo	Wpl-05G300 Firmware	<= 1.88
Buffalo	Wpl-05G300	-
Buffalo	Wzr-300Hp Firmware	<= 2.00
Buffalo	Wzr-300Hp	-
Buffalo	Wzr-450Hp Firmware	<= 2.00
Buffalo	Wzr-450Hp	-
Buffalo	Wzr-600Dhp Firmware	<= 2.00
Buffalo	Wzr-600Dhp	-
Buffalo	Wzr-900Dhp Firmware	<= 1.15
Buffalo	Wzr-900Dhp	-
Buffalo	Wzr-Hp-Ag300H Firmware	<= 1.76
Buffalo	Wzr-Hp-Ag300H	-
Buffalo	Wzr-Hp-G302H Firmware	<= 1.86
Buffalo	Wzr-Hp-G302H	-

References

https://jvn.jp/en/vu/JVNVU92805279/index.htmlThird Party Advisory
https://www.buffalo.jp/news/detail/20221003-01.htmlPatchVendor Advisory
https://jvn.jp/en/vu/JVNVU92805279/index.htmlThird Party Advisory
https://www.buffalo.jp/news/detail/20221003-01.htmlPatchVendor Advisory

FAQ

What is CVE-2022-39044?

CVE-2022-39044 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/ver...

How severe is CVE-2022-39044?

CVE-2022-39044 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-39044?

Check the references section above for vendor advisories and patch information. Affected products include: Buffalo Wcr-300 Firmware, Buffalo Wcr-300, Buffalo Whr-Hp-G300N Firmware, Buffalo Whr-Hp-G300N, Buffalo Whr-Hp-Gn Firmware.