Vulnerability Description
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Buffalo | Wsr-2533Dhpl2-Bk Firmware | <= 1.02 |
| Buffalo | Wsr-2533Dhpl2-Bk | - |
| Buffalo | Wsr-2533Dhp3-Bk Firmware | <= 1.24 |
| Buffalo | Wsr-2533Dhp3-Bk | - |
References
- https://www.tenable.com/security/research/tra-2021-13Third Party Advisory
- https://www.tenable.com/security/research/tra-2021-13Third Party Advisory
FAQ
What is CVE-2021-20091?
CVE-2021-20091 is a vulnerability with a CVSS score of 8.8 (HIGH). The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this...
How severe is CVE-2021-20091?
CVE-2021-20091 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20091?
Check the references section above for vendor advisories and patch information. Affected products include: Buffalo Wsr-2533Dhpl2-Bk Firmware, Buffalo Wsr-2533Dhpl2-Bk, Buffalo Wsr-2533Dhp3-Bk Firmware, Buffalo Wsr-2533Dhp3-Bk.