CVE-2022-43466 Information

Description

Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier WSR-3200AX4B firmware Ver. 1.25 WSR-2533DHP2 firmware Ver. 1.22 and earlier WSR-A2533DHP2 firmware Ver. 1.22 and earlier WSR-2533DHP3 firmware Ver. 1.26 and earlier WSR-A2533DHP3 firmware Ver. 1.26 and earlier WSR-2533DHPL2 firmware Ver. 1.03 and earlier WSR-2533DHPLS firmware Ver. 1.07 and earlier WEX-1800AX4 firmware Ver. 1.13 and earlier and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.

Reference

https://jvn.jp/en/vu/JVNVU97099584/index.html https://www.buffalo.jp/news/detail/20221205-01.html