WSR-2533DHPL2
by Buffalotech
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-20090 | 0.20 | — | 1.00 | KEV | Apr 29, 2021 | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | ||
| CVE-2021-20091 | 0.07 | — | 0.09 | Apr 29, 2021 | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code… | |||
| CVE-2021-20092 | 0.06 | — | 0.08 | Apr 29, 2021 | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. | |||
| CVE-2024-26023 | 0.00 | — | 0.01 | Apr 15, 2024 | OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. | |||
| CVE-2024-23486 | 0.00 | — | 0.01 | Apr 15, 2024 | Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. | |||
| CVE-2022-43466 | 0.00 | — | 0.01 | Dec 19, 2022 | OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | |||
| CVE-2022-43443 | 0.00 | — | 0.01 | Dec 19, 2022 | OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | |||
| CVE-2022-43486 | 0.00 | — | 0.00 | Dec 19, 2022 | Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. |
- risk 0.20cvss —epss 1.00
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
- CVE-2021-20091Apr 29, 2021risk 0.07cvss —epss 0.09
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code…
- CVE-2021-20092Apr 29, 2021risk 0.06cvss —epss 0.08
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
- CVE-2024-26023Apr 15, 2024risk 0.00cvss —epss 0.01
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.
- CVE-2024-23486Apr 15, 2024risk 0.00cvss —epss 0.01
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
- CVE-2022-43466Dec 19, 2022risk 0.00cvss —epss 0.01
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
- CVE-2022-43443Dec 19, 2022risk 0.00cvss —epss 0.01
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
- CVE-2022-43486Dec 19, 2022risk 0.00cvss —epss 0.00
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.