CVE-2014-9284
Buffalo WHR-1166DHP/600D/WSR-600DHP/300HP2/WMR-300/WEX-300/BHR-4GRV2 Firmware Authenticated OS Command Injection
Title source: llmDescription
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN50447904/index.html
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000085
Scores
EPSS
0.0107
EPSS Percentile
60.7%
Details
CWE
CWE-78
Status
published
Products (7)
buffalotech/bhr-4grv2_firmware
< 1.04
buffalotech/wex-300_firmware
< 1.60
buffalotech/whr-1166dhp_firmware
< 1.60
buffalotech/whr-300hp2_firmware
< 1.60
buffalotech/whr-600d_firmware
< 1.60
buffalotech/wmr-300_firmware
< 1.60
buffalotech/wsr-600dhp_firmware
< 1.60
Published
Jun 09, 2015
Tracked Since
Feb 18, 2026