Vulnerability Description
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Buffalo | Wsr-2533Dhpl2-Bk Firmware | <= 1.02 |
| Buffalo | Wsr-2533Dhpl2-Bk | - |
| Buffalo | Wsr-2533Dhp3-Bk Firmware | <= 1.24 |
| Buffalo | Wsr-2533Dhp3-Bk | - |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/914124Third Party AdvisoryUS Government Resource
- https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2021-13ExploitThird Party Advisory
- https://www.kb.cert.org/vuls/id/914124Third Party AdvisoryUS Government Resource
- https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2021-13ExploitThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-20090?
CVE-2021-20090 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass ...
How severe is CVE-2021-20090?
CVE-2021-20090 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20090?
Check the references section above for vendor advisories and patch information. Affected products include: Buffalo Wsr-2533Dhpl2-Bk Firmware, Buffalo Wsr-2533Dhpl2-Bk, Buffalo Wsr-2533Dhp3-Bk Firmware, Buffalo Wsr-2533Dhp3-Bk.