Hard-Coded Credentials Vulnerability in Buffalo Network Devices
CVE-2022-34840

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 7 December 2022

What is CVE-2022-34840?

Buffalo network devices contain hard-coded credentials. An attacker on the same network as an affected device can use this vulnerability to alter critical configuration settings. The issue affects multiple device models. To mitigate the risk, users should confirm that their devices run a firmware version that is not affected and update to the latest firmware.

Affected Version(s)

The following Buffalo network devices are affected:

  • WZR-300HP firmware Ver. 2.00 and earlier
  • WZR-450HP firmware Ver. 2.00 and earlier
  • WZR-600DHP firmware Ver. 2.00 and earlier
  • WZR-900DHP firmware Ver. 1.15 and earlier
  • HW-450HP-ZWE firmware Ver. 2.00 and earlier
  • WZR-450HP-CWT firmware Ver. 2.00 and earlier
  • WZR-450HP-UB firmware Ver. 2.00 and earlier
  • WZR-600DHP2 firmware Ver. 1.15 and earlier
  • WZR-D1100H firmware Ver. 2.00 and earlier

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
