CVE-2021-20716

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.buffalo.jp/news/detail/20210427-02.html	Vendor Advisory
https://jvn.jp/en/vu/JVNVU90274525/index.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:buffalo:bhr-4rv_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:bhr-4rv:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:buffalo:fs-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:fs-g54:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:buffalo:wbr2-b11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wbr2-b11:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:buffalo:wbr2-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wbr2-g54:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:buffalo:wbr2-g54-kd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wbr2-g54-kd:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:buffalo:wbr-b11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wbr-b11:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:buffalo:wbr-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wbr-g54:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:buffalo:wbr-g54l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wbr-g54l:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:buffalo:whr2-a54g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr2-a54g54:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:buffalo:whr2-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr2-g54:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:buffalo:whr2-g54v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr2-g54v:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:buffalo:whr3-ag54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr3-ag54:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:buffalo:whr-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr-g54:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:buffalo:whr-g54-nf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr-g54-nf:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:buffalo:wla2-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wla2-g54:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:buffalo:wla2-g54c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wla2-g54c:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:buffalo:wla-b11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wla-b11:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:buffalo:wla-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wla-g54:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:buffalo:wla-g54c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wla-g54c:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:buffalo:wlah-a54g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wlah-a54g54:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:buffalo:wlah-am54g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wlah-am54g54:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:buffalo:wlah-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wlah-g54:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:buffalo:wli2-tx1-ag54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wli2-tx1-ag54:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:buffalo:wli2-tx1-amg54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wli2-tx1-amg54:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:buffalo:wli2-tx1-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wli2-tx1-g54:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:buffalo:wli3-tx1-amg54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wli3-tx1-amg54:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:buffalo:wli3-tx1-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wli3-tx1-g54:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:buffalo:wli-t1-b11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wli-t1-b11:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:buffalo:wli-tx1-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wli-tx1-g54:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:buffalo:wvr-g54-nf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wvr-g54-nf:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:buffalo:wzr-g108_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-g108:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:buffalo:wzr-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-g54:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:buffalo:wzr-hp-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-hp-g54:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:buffalo:wzr-rs-g54_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-rs-g54:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:buffalo:wzr-rs-g54hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-rs-g54hp:-:*:*:*:*:*:*:*

Information

Published : 2021-04-27 18:15

Updated : 2021-05-07 10:43

NVD link : CVE-2021-20716

Mitre link : CVE-2021-20716

JSON object : View

CWE

NVD-CWE-Other

Products Affected

buffalo

wli-tx1-g54_firmware
wli2-tx1-amg54_firmware
wli3-tx1-g54
wla2-g54c_firmware
bhr-4rv
whr2-g54
whr-g54-nf_firmware
wla-b11
wli3-tx1-g54_firmware
whr2-a54g54
whr3-ag54
wvr-g54-nf_firmware
wzr-rs-g54_firmware
wzr-rs-g54
wvr-g54-nf
wzr-g108_firmware
wbr-g54l
wzr-hp-g54_firmware
wbr2-g54_firmware
wla-g54c_firmware
wbr-g54
whr3-ag54_firmware
wla2-g54c
wlah-g54_firmware
wlah-g54
wzr-g54_firmware
whr-g54_firmware
wbr2-g54
wli-tx1-g54
wla-g54
fs-g54
whr2-g54v
wzr-rs-g54hp_firmware
wzr-rs-g54hp
wla-b11_firmware
wzr-g108
fs-g54_firmware
wlah-a54g54
wlah-am54g54_firmware
wbr2-b11_firmware
wli2-tx1-g54_firmware
whr-g54-nf
wlah-a54g54_firmware
wli2-tx1-g54
whr2-g54v_firmware
wbr2-g54-kd
bhr-4rv_firmware
wli3-tx1-amg54_firmware
wbr-b11_firmware
wzr-hp-g54
wbr-g54l_firmware
wbr-g54_firmware
wzr-g54
whr-g54
wli2-tx1-amg54
wbr-b11
whr2-a54g54_firmware
wlah-am54g54
wla-g54c
wli2-tx1-ag54
wli3-tx1-amg54
wli-t1-b11_firmware
wbr2-g54-kd_firmware
wla2-g54_firmware
wla-g54_firmware
wli2-tx1-ag54_firmware
wli-t1-b11
whr2-g54_firmware
wbr2-b11
wla2-g54

9.8 /10