BUFFALO Router OS Command Injection Vulnerability (CVE-2024-44072) Analysis

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: JVN#12824024 2. Affected Products: - WHR-1166DHP2 Ver. 2.95 and earlier - WHR-1166DHP3 Ver. 2.95 and earlier - WHR-1166DHP4 Ver. 2.95 and earlier - WSR-1166DHP3 Ver. 1.18 and earlier - WSR-600DHP Ver. 2.93 and earlier - WEX-300HPTX/N Ver. 1.02 and earlier - WEX-733DHP2 Ver. 1.03 and earlier - WEX-1166DHP2 Ver. 1.05 and earlier - WEX-1166DHPS Ver. 1.05 and earlier - WEX-300HPS/N Ver. 1.02 and earlier - WEX-733DHPS Ver. 1.02 and earlier - WEX-733DHPTX Ver. 1.03 and earlier - WEX-1166DHP Ver. 1.23 and earlier - WEX-733DHP Ver. 1.64 and earlier - WHR-1166DHP Ver. 2.92 and earlier - WHR-300HP2 Ver. 2.51 and earlier - WHR-600D Ver. 2.91 and earlier - WMR-300 Ver. 2.50 and earlier 3. Vulnerability Description: BUFFALO INC.'s wireless LAN routers and wireless LAN repeaters contain an OS command injection vulnerability (CWE-78). 4. Impact: If a user logs into the management page and sends a specially crafted request to a specific management page of the affected product, arbitrary OS commands may be executed. 5. Solution: Update the firmware to the latest version, following the developer's instructions. 6. Reference Links: - JPCERT/CC Addendum - Vulnerability Analysis by JPCERT/CC - CVE-2024-44072 - JVNDB-2024-000087 7. Copyright Information: Copyright (c) 2000-2024 JPCERT/CC and IPA. All rights reserved.

Goal Reached Thanks to every supporter — we hit 100%!

BUFFALO Router OS Command Injection Vulnerability (CVE-2024-44072) Analysis