CVE-2014-9284

Buffalo WHR-1166DHP/600D/WSR-600DHP/300HP2/WMR-300/WEX-300/BHR-4GRV2 Firmware Authenticated OS Command Injection

Title source: llm
STIX 2.1

Description

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN50447904/index.html
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000085

Scores

EPSS 0.0107
EPSS Percentile 60.7%

Details

CWE
CWE-78
Status published
Products (7)
buffalotech/bhr-4grv2_firmware < 1.04
buffalotech/wex-300_firmware < 1.60
buffalotech/whr-1166dhp_firmware < 1.60
buffalotech/whr-300hp2_firmware < 1.60
buffalotech/whr-600d_firmware < 1.60
buffalotech/wmr-300_firmware < 1.60
buffalotech/wsr-600dhp_firmware < 1.60
Published Jun 09, 2015
Tracked Since Feb 18, 2026