Arbitrary OS Command Injection Vulnerability Affects BUFFALO Wireless LAN Routers
CVE-2024-26023

Currently unrated

Key Information:

Vendor: Buffalo Inc.
Status: Wcr-1166ds; Wsr-1166dHP; Wsr-1166dHP2; Wsr-2533dHP
Vendor: CVE Published:; 15 April 2024

🔔 Create Buffalo Inc. Vulnerability Alert

What is CVE-2024-26023?

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

Affected Version(s)

WCR-1166DS firmware Ver. 1.32 and earlier

WSR-1166DHP firmware Ver. 1.14 and earlier

WSR-1166DHP2 firmware Ver. 1.14 and earlier

References

https://www.buffalo.jp/news/detail/20240410-01.html

https://jvn.jp/en/jp/JVN58236836/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Mar 19, 2024

.