CVE-2024-26023

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26023
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

4.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN58236836/ Third Party Advisory
https://www.buffalo.jp/news/detail/20240410-01.html Vendor Advisory
https://jvn.jp/en/jp/JVN58236836/ Third Party Advisory
https://www.buffalo.jp/news/detail/20240410-01.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:buffalo:wsr-1166dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-1166dhp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:buffalo:wsr-1166dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-1166dhp2:-:*:*:*:*:*:*:*
History

30 Jun 2025, 13:12

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN58236836/ - () https://jvn.jp/en/jp/JVN58236836/ - Third Party Advisory
References () https://www.buffalo.jp/news/detail/20240410-01.html - () https://www.buffalo.jp/news/detail/20240410-01.html - Vendor Advisory
CPE cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:wsr-1166dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:wsr-1166dhp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-1166dhp2:-:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-1166dhp:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*
First Time Buffalo wsr-1166dhp2 Firmware
Buffalo wsr-2533dhpl Firmware
Buffalo wsr-a2533dhp2 Firmware
Buffalo wsr-2533dhp2 Firmware
Buffalo wsr-1166dhp
Buffalo wcr-1166ds
Buffalo wsr-1166dhp2
Buffalo wsr-2533dhpl
Buffalo wsr-1166dhp Firmware
Buffalo wsr-2533dhp
Buffalo wsr-a2533dhp2
Buffalo wsr-2533dhp Firmware
Buffalo
Buffalo wsr-2533dhp2
Buffalo wcr-1166ds Firmware

21 Nov 2024, 09:01

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN58236836/ - () https://jvn.jp/en/jp/JVN58236836/ -
References () https://www.buffalo.jp/news/detail/20240410-01.html - () https://www.buffalo.jp/news/detail/20240410-01.html -

01 Aug 2024, 13:47

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de inyección de comandos del sistema operativo en routers LAN inalámbricos BUFFALO permite que un usuario que haya iniciado sesión ejecute comandos arbitrarios del sistema operativo.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.2
CWE CWE-78

15 Apr 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-15 11:15

Updated : 2025-06-30 13:12

NVD link : CVE-2024-26023

Mitre link : CVE-2024-26023

CVE.ORG link : CVE-2024-26023

JSON object : View

Products Affected

buffalo

  • wsr-1166dhp2_firmware
  • wsr-2533dhp2_firmware
  • wsr-2533dhp
  • wcr-1166ds
  • wsr-1166dhp_firmware
  • wsr-1166dhp
  • wsr-2533dhp_firmware
  • wsr-a2533dhp2
  • wsr-2533dhp2
  • wsr-1166dhp2
  • wsr-2533dhpl
  • wsr-2533dhpl_firmware
  • wsr-a2533dhp2_firmware
  • wcr-1166ds_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')