CVE-2021-20716

Published: Apr 28, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.

Affected (35)

Products: Buffalo: Bhr 4rv Firmware, Fs G54 Firmware, Wbr2 B11 Firmware, Wbr2 G54 Firmware, Wbr2 G54 Kd Firmware, Wbr B11 Firmware, Wbr G54 Firmware, Wbr G54l Firmware, Whr2 A54g54 Firmware, Whr2 G54 Firmware, Whr2 G54v Firmware, Whr3 Ag54 Firmware, Whr G54 Firmware, Whr G54 Nf Firmware, Wla2 G54 Firmware, Wla2 G54c Firmware, Wla B11 Firmware, Wla G54 Firmware, Wla G54c Firmware, Wlah A54g54 Firmware, Wlah Am54g54 Firmware, Wlah G54 Firmware, Wli2 Tx1 Ag54 Firmware, Wli2 Tx1 Amg54 Firmware, Wli2 Tx1 G54 Firmware, Wli3 Tx1 Amg54 Firmware, Wli3 Tx1 G54 Firmware, Wli T1 B11 Firmware, Wli Tx1 G54 Firmware, Wvr G54 Nf Firmware, Wzr G108 Firmware, Wzr G54 Firmware, Wzr Hp G54 Firmware, Wzr Rs G54 Firmware, Wzr Rs G54hp Firmware

35 products

Wlah Am54g54 Firmware

Wlah G54 Firmware

Wli2 Tx1 Ag54 Firmware

Wli2 Tx1 Amg54 Firmware

Wli2 Tx1 G54 Firmware

Wli3 Tx1 Amg54 Firmware

Wli3 Tx1 G54 Firmware

Wzr Rs G54hp Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bhr 4rv Firmware	Up to 2.55

Running on/with	Platform Versions
Buffalo Bhr 4rv	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Fs G54 Firmware	Up to 2.04

Running on/with	Platform Versions
Buffalo Fs G54	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wbr2 B11 Firmware	Up to 2.32

Running on/with	Platform Versions
Buffalo Wbr2 B11	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wbr2 G54 Firmware	Up to 2.32

Running on/with	Platform Versions
Buffalo Wbr2 G54	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wbr2 G54 Kd Firmware	Up to 2.32

Running on/with	Platform Versions
Buffalo Wbr2 G54 Kd	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wbr B11 Firmware	Up to 2.23

Running on/with	Platform Versions
Buffalo Wbr B11	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wbr G54 Firmware	Up to 2.23

Running on/with	Platform Versions
Buffalo Wbr G54	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wbr G54l Firmware	Up to 2.20

Running on/with	Platform Versions
Buffalo Wbr G54l	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Whr2 A54g54 Firmware	Up to 2.25

Running on/with	Platform Versions
Buffalo Whr2 A54g54	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Whr2 G54 Firmware	Up to 2.23

Running on/with	Platform Versions
Buffalo Whr2 G54	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Whr2 G54v Firmware	Up to 2.55

Running on/with	Platform Versions
Buffalo Whr2 G54v	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Whr3 Ag54 Firmware	Up to 2.23

Running on/with	Platform Versions
Buffalo Whr3 Ag54	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Whr G54 Firmware	Up to 2.16

Running on/with	Platform Versions
Buffalo Whr G54	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Whr G54 Nf Firmware	Up to 2.10

Running on/with	Platform Versions
Buffalo Whr G54 Nf	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wla2 G54 Firmware	Up to 2.24

Running on/with	Platform Versions
Buffalo Wla2 G54	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wla2 G54c Firmware	Up to 2.24

Running on/with	Platform Versions
Buffalo Wla2 G54c	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wla B11 Firmware	Up to 2.20

Running on/with	Platform Versions
Buffalo Wla B11	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wla G54 Firmware	Up to 2.20

Running on/with	Platform Versions
Buffalo Wla G54	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wla G54c Firmware	Up to 2.20

Running on/with	Platform Versions
Buffalo Wla G54c	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wlah A54g54 Firmware	Up to 2.54

Running on/with	Platform Versions
Buffalo Wlah A54g54	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wlah Am54g54 Firmware	Up to 2.54

Running on/with	Platform Versions
Buffalo Wlah Am54g54	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wlah G54 Firmware	Up to 2.54

Running on/with	Platform Versions
Buffalo Wlah G54	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wli2 Tx1 Ag54 Firmware	Up to 2.53

Running on/with	Platform Versions
Buffalo Wli2 Tx1 Ag54	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wli2 Tx1 Amg54 Firmware	Up to 2.53

Running on/with	Platform Versions
Buffalo Wli2 Tx1 Amg54	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wli2 Tx1 G54 Firmware	Up to 2.20

Running on/with	Platform Versions
Buffalo Wli2 Tx1 G54	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wli3 Tx1 Amg54 Firmware	Up to 2.53

Running on/with	Platform Versions
Buffalo Wli3 Tx1 Amg54	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wli3 Tx1 G54 Firmware	Up to 2.53

Running on/with	Platform Versions
Buffalo Wli3 Tx1 G54	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wli T1 B11 Firmware	Up to 2.20

Running on/with	Platform Versions
Buffalo Wli T1 B11	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wli Tx1 G54 Firmware	Up to 2.20

Running on/with	Platform Versions
Buffalo Wli Tx1 G54	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wvr G54 Nf Firmware	Up to 2.02

Running on/with	Platform Versions
Buffalo Wvr G54 Nf	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr G108 Firmware	Up to 2.41

Running on/with	Platform Versions
Buffalo Wzr G108	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr G54 Firmware	Up to 2.41

Running on/with	Platform Versions
Buffalo Wzr G54	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr Hp G54 Firmware	Up to 2.41

Running on/with	Platform Versions
Buffalo Wzr Hp G54	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr Rs G54 Firmware	Up to 2.55

Running on/with	Platform Versions
Buffalo Wzr Rs G54	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr Rs G54hp Firmware	Up to 2.55

Running on/with	Platform Versions
Buffalo Wzr Rs G54hp	All versions

References (4)

https://jvn.jp/en/vu/JVNVU90274525/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.buffalo.jp/news/detail/20210427-02.html

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/vu/JVNVU90274525/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.buffalo.jp/news/detail/20210427-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.