Is CVE-2022-40966 actively exploited?

CVE-2022-40966 has no public evidence of in-the-wild exploitation as of 2025-04-23.

What is the CVSS score for CVE-2022-40966?

CVE-2022-40966 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2022-40966?

Patch guidance is available from buffalo security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-40966.

Fix CVE-2022-40966 - HIGH buffalo wcr-300 firmware

Q: Which products are affected by CVE-2022-40966?

75 products: buffalo wcr-300 firmware, buffalo whr-hp-g300n firmware, buffalo whr-hp-gn firmware, buffalo wpl-05g300 firmware, buffalo wrm-d2133hp firmware, and 70 more.

Description

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-287 · Improper Authentication CWE-287 · Improper Authentication

Metadata

Primary Vendor: BUFFALO
Published: 12/7/2022
Last Modified: 4/23/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

buffalo : wcr-300_firmwarebuffalo : whr-hp-g300n_firmwarebuffalo : whr-hp-gn_firmwarebuffalo : wpl-05g300_firmwarebuffalo : wrm-d2133hp_firmwarebuffalo : wrm-d2133hs_firmwarebuffalo : wtr-m2133hp_firmwarebuffalo : wtr-m2133hs_firmwarebuffalo : wxr-1900dhp_firmwarebuffalo : wxr-1900dhp2_firmwarebuffalo : wxr-1900dhp3_firmwarebuffalo : wxr-5950ax12_firmwarebuffalo : wxr-6000ax12b_firmwarebuffalo : wxr-6000ax12s_firmwarebuffalo : wzr-300hp_firmwarebuffalo : wzr-450hp_firmwarebuffalo : wzr-600dhp_firmwarebuffalo : wzr-900dhp_firmwarebuffalo : wzr-1750dhp2_firmwarebuffalo : wzr-hp-ag300h_firmwarebuffalo : wzr-hp-g302h_firmwarebuffalo : wem-1266_firmwarebuffalo : wem-1266wp_firmwarebuffalo : wlae-ag300n_firmwarebuffalo : fs-600dhp_firmwarebuffalo : fs-g300n_firmwarebuffalo : fs-hp-g300n_firmwarebuffalo : fs-r600dhp_firmwarebuffalo : bhr-4grv_firmwarebuffalo : dwr-hp-g300nh_firmwarebuffalo : dwr-pg_firmwarebuffalo : hw-450hp-zwe_firmwarebuffalo : wer-a54g54_firmwarebuffalo : wer-ag54_firmwarebuffalo : wer-am54g54_firmwarebuffalo : wer-amg54_firmwarebuffalo : whr-300_firmwarebuffalo : whr-300hp_firmwarebuffalo : whr-am54g54_firmwarebuffalo : whr-amg54_firmwarebuffalo : whr-ampg_firmwarebuffalo : whr-g_firmwarebuffalo : whr-g300n_firmwarebuffalo : whr-g301n_firmwarebuffalo : whr-g54s_firmwarebuffalo : whr-g54s-ni_firmwarebuffalo : whr-hp-ampg_firmwarebuffalo : whr-hp-g_firmwarebuffalo : whr-hp-g54_firmwarebuffalo : wli-h4-d600_firmwarebuffalo : ws024bf_firmwarebuffalo : ws024bf-nw_firmwarebuffalo : wxr-1750dhp_firmwarebuffalo : wxr-1750dhp2_firmwarebuffalo : wzr-1166dhp_firmwarebuffalo : wzr-1166dhp2_firmwarebuffalo : wzr-1750dhp_firmwarebuffalo : wzr2-g300n_firmwarebuffalo : wzr-450hp-cwt_firmwarebuffalo : wzr-450hp-ub_firmwarebuffalo : wzr-600dhp2_firmwarebuffalo : wzr-600dhp3_firmwarebuffalo : wzr-900dhp2_firmwarebuffalo : wzr-agl300nh_firmwarebuffalo : wzr-ampg144nh_firmwarebuffalo : wzr-ampg300nh_firmwarebuffalo : wzr-d1100h_firmwarebuffalo : wzr-g144n_firmwarebuffalo : wzr-g144nh_firmwarebuffalo : wzr-hp-g300nh_firmwarebuffalo : wzr-hp-g301nh_firmwarebuffalo : wzr-hp-g450h_firmwarebuffalo : wzr-s1750dhp_firmwarebuffalo : wzr-s600dhp_firmwarebuffalo : wzr-s900dhp_firmware

Remediation Guidance

Executive Summary

View on NIST NVD