BUFFALO Routers Vulnerable to OS Command Injection Attacks
CVE-2024-44072

Currently unrated

Key Information:

Vendor: Buffalo Inc.
Status: Whr-1166dHP2; Whr-1166dHP3; Whr-1166dHP4; Wsr-1166dHP3
Vendor: CVE Published:; 10 September 2024

🔔 Create Buffalo Inc. Vulnerability Alert

What is CVE-2024-44072?

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.

Affected Version(s)

WEX-1166DHP Ver. 1.23 and earlier

WEX-1166DHP2 Ver. 1.05 and earlier

WEX-1166DHPS Ver. 1.05 and earlier

References

https://www.buffalo.jp/news/detail/20240719-01.html

https://jvn.jp/en/jp/JVN12824024/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 19, 2024