CVE-2014-9284 - OpenCVE

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Buffalotech	Wex-300 Whr-300hp2 Firmware Whr-600d Wmr-300 Firmware Whr-1166dhp Whr-600d Firmware Whr-1166dhp Firmware Bhr-4grv2 Firmware Wex-300 Firmware Wsr-600dhp Firmware Wsr-600dhp Whr-300hp2 Bhr-4grv2 Wmr-300

Configuration 1 [-]

AND

cpe:2.3:h:buffalotech:wsr-600dhp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:wsr-600dhp:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:buffalotech:whr-300hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:whr-300hp2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:buffalotech:whr-1166dhp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:whr-1166dhp:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:buffalotech:bhr-4grv2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:bhr-4grv2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:buffalotech:wmr-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:wmr-300:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:buffalotech:wex-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:wex-300:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:buffalotech:whr-600d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:whr-600d:-:*:*:*:*:*:*:*

References

Link	Resource
http://jvn.jp/en/jp/JVN50447904/index.html	Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000085	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2015-06-09T00:00:00

Updated: 2015-06-09T00:57:00

Reserved: 2014-12-05T00:00:00

Link: CVE-2014-9284

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-06-09T00:59:00.073

Modified: 2015-06-16T15:59:44.057

Link: CVE-2014-9284

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-06-09T00:57:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVN#50447904", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN50447904/index.html"}, {"name": "JVNDB-2015-000085", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000085"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-9284", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVN#50447904", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN50447904/index.html"}, {"name": "JVNDB-2015-000085", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000085"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-9284", "datePublished": "2015-06-09T00:00:00", "dateReserved": "2014-12-05T00:00:00", "dateUpdated": "2015-06-09T00:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:wsr-600dhp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "359A0C85-867C-4956-B9EF-DF246236056C", "versionEndIncluding": "1.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:wsr-600dhp:-:*:*:*:*:*:*:*", "matchCriteriaId": "219303A3-2247-4E89-8D11-594DE0AF7A67", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:whr-300hp2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45050739-EA75-4DB2-9B13-4F295F4FD4E4", "versionEndIncluding": "1.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:whr-300hp2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2CA67-6E1C-4AA1-B3B2-B0CAC8F16BDC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:whr-1166dhp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCABEA51-6898-44A4-B23F-21FC52293ED3", "versionEndIncluding": "1.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:whr-1166dhp:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D857063-0CB1-4B06-A7E5-39D5A995AB51", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:bhr-4grv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2035F903-836C-476B-977A-7A97FB6F80B2", "versionEndIncluding": "1.04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:bhr-4grv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF7FB55C-6A22-4750-B44B-19E1427AF251", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:wmr-300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "18A843F7-4F66-4998-BA89-E7CBAAA8D33C", "versionEndIncluding": "1.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:wmr-300:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2A3F352-8B87-466F-A0FA-BD14B9CF9D2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:wex-300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD860D85-EA4D-4BCD-AC79-9A5E89BFB24B", "versionEndIncluding": "1.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:wex-300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DA4990B-8BD9-45FD-8398-BA8DC71FDEC3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:whr-600d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAEFA4D3-3B67-4BB5-849D-AB12CA205860", "versionEndIncluding": "1.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:whr-600d:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1267DDE-4D61-4498-9DFD-B429CC49696E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."}, {"lang": "es", "value": "Los routers Buffalo WHR-1166DHP 1.60 y anteriores, WSR-600DHP 1.60 y anteriores, WHR-600D 1.60 y anteriores, WHR-300HP2 1.60 y anteriores, WMR-300 1.60 y anteriores, WEX-300 1.60 y anteriores, y BHR-4GRV2 1.04 y anteriores permiten a usuarios remotos autenticados ejecutar comandos OS arbitrarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-9284", "lastModified": "2015-06-16T15:59:44.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-09T00:59:00.073", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://jvn.jp/en/jp/JVN50447904/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000085"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}