Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-9284


The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.


Published

2015-06-09T00:59:00.073

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.7 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

5.1

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-78

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware buffalotech wsr-600dhp_firmware ≤ 1.60 Yes
Hardware buffalotech wsr-600dhp - No
Hardware buffalotech whr-300hp2_firmware ≤ 1.60 Yes
Hardware buffalotech whr-300hp2 - No
Hardware buffalotech whr-1166dhp_firmware ≤ 1.60 Yes
Hardware buffalotech whr-1166dhp - No
Hardware buffalotech bhr-4grv2_firmware ≤ 1.04 Yes
Hardware buffalotech bhr-4grv2 - No
Hardware buffalotech wmr-300_firmware ≤ 1.60 Yes
Hardware buffalotech wmr-300 - No
Hardware buffalotech wex-300_firmware ≤ 1.60 Yes
Hardware buffalotech wex-300 - No
Hardware buffalotech whr-600d_firmware ≤ 1.60 Yes
Hardware buffalotech whr-600d - No

References