CVE-2024-26023
MEDIUM
Buffalo Wsr-2533dhp Firmware < 1.07 - OS Command Injection
Title source: ruleDescription
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.
References (2)
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN58236836/
Vendor Advisory
https://www.buffalo.jp/news/detail/20240410-01.html
Scores
CVSS v3
4.2
EPSS
0.0055
EPSS Percentile
41.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (7)
buffalo/wcr-1166ds_firmware < 1.33
buffalo/wsr-1166dhp2_firmware < 1.15
buffalo/wsr-1166dhp_firmware < 1.15
buffalo/wsr-2533dhp2_firmware < 1.11
buffalo/wsr-2533dhp_firmware < 1.07
buffalo/wsr-2533dhpl_firmware < 1.07
buffalo/wsr-a2533dhp2_firmware < 1.11
Published
Apr 15, 2024
Tracked Since
Feb 18, 2026