CVE-2022-43443

moderate-risk

Published 2022-12-19

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.

Do I need to act?

0.96% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (11)

Wsr-3200Ax4S Firmware

Wsr-3200Ax4B Firmware

Wsr-2533Dhp2 Firmware

Wsr-A2533Dhp2 Firmware

Wsr-2533Dhp3 Firmware

Wsr-A2533Dhp3 Firmware

Wsr-2533Dhpl2 Firmware

Wsr-2533Dhpls Firmware

Wsr-2533Dhp Firmware

Wsr-2533Dhpl Firmware

Wcr-1166Ds Firmware

Affected Vendors

Buffalo

References (4)

https://jvn.jp/en/vu/JVNVU97099584/

https://www.buffalo.jp/news/detail/20240131-01.html

https://jvn.jp/en/vu/JVNVU97099584/

https://www.buffalo.jp/news/detail/20240131-01.html

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 3/34 · Minimal

Exposure 16/34 · Moderate