Vulnerability Description
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Buffalo | Wsr-2533Dhp Firmware | < 1.07 |
| Buffalo | Wsr-2533Dhp | - |
| Buffalo | Wsr-2533Dhpl Firmware | < 1.07 |
| Buffalo | Wsr-2533Dhpl | - |
| Buffalo | Wsr-2533Dhp2 Firmware | < 1.11 |
| Buffalo | Wsr-2533Dhp2 | - |
| Buffalo | Wsr-A2533Dhp2 Firmware | < 1.11 |
| Buffalo | Wsr-A2533Dhp2 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN58236836/Third Party Advisory
- https://www.buffalo.jp/news/detail/20240410-01.htmlVendor Advisory
- https://jvn.jp/en/jp/JVN58236836/Third Party Advisory
- https://www.buffalo.jp/news/detail/20240410-01.htmlVendor Advisory
FAQ
What is CVE-2024-23486?
CVE-2024-23486 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured ...
How severe is CVE-2024-23486?
CVE-2024-23486 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-23486?
Check the references section above for vendor advisories and patch information. Affected products include: Buffalo Wsr-2533Dhp Firmware, Buffalo Wsr-2533Dhp, Buffalo Wsr-2533Dhpl Firmware, Buffalo Wsr-2533Dhpl, Buffalo Wsr-2533Dhp2 Firmware.