WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.
References
Link | Resource |
---|---|
https://jvn.jp/en/vu/JVNVU92862829/index.html | Third Party Advisory |
https://www.buffalo.jp/news/detail/20210531-01.html | Vendor Advisory |
Information
Published : 2021-06-08 19:15
Updated : 2021-06-16 09:30
NVD link : CVE-2021-20731
Mitre link : CVE-2021-20731
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
buffalo
- wsr-1166dhp3
- wsr-1166dhp4_firmware
- wsr-1166dhp4
- wsr-1166dhp3_firmware