Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveJpcertCVE-2021-3512
HistoryApr 28, 2021 - 1:15 a.m.

CVE-2021-3512

2021-04-2801:15:17
jpcert
web.nvd.nist.gov
55
4
cve-2021-3512
improper access control
buffalo broadband routers
vulnerability
firmware
remote
attackers

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

41.2%

JSON

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.

Affected configurations

Nvd
Vulners
Node
buffalobhr-4grv_firmwareRange<2.00
AND
buffalobhr-4grvMatch-
Node
buffalodwr-hp-g300nh_firmwareRange<1.84
AND
buffalodwr-hp-g300nhMatch-
Node
buffalohw-450hp-zwe_firmwareRange<2.00
AND
buffalohw-450hp-zweMatch-
Node
buffalowhr-300hp_firmwareRange<2.00
AND
buffalowhr-300hpMatch-
Node
buffalowhr-300_firmwareRange<2.00
AND
buffalowhr-300Match-
Node
buffalowhr-g301n_firmwareRange<1.87
AND
buffalowhr-g301nMatch-
Node
buffalowhr-hp-g300n_firmwareRange<2.00
AND
buffalowhr-hp-g300nMatch-
Node
buffalowhr-hp-gn_firmwareRange<1.87
AND
buffalowhr-hp-gnMatch-
Node
buffalowpl-05g300_firmwareRange<1.88
AND
buffalowpl-05g300Match-
Node
buffalowzr-450hp-cwt_firmwareRange<2.00
AND
buffalowzr-450hp-cwtMatch-
Node
buffalowzr-450hp-ub_firmwareRange<2.00
AND
buffalowzr-450hp-ubMatch-
Node
buffalowzr-hp-ag300h_firmwareRange<1.76
AND
buffalowzr-hp-ag300hMatch-
Node
buffalowzr-hp-g300nh_firmwareRange<1.84
AND
buffalowzr-hp-g300nhMatch-
Node
buffalowzr-hp-g301nh_firmwareRange<1.84
AND
buffalowzr-hp-g301nhMatch-
Node
buffalowzr-hp-g302h_firmwareRange<1.86
AND
buffalowzr-hp-g302hMatch-
Node
buffalowzr-hp-g450h_firmwareRange<1.90
AND
buffalowzr-hp-g450hMatch-
Node
buffalowzr-300hp_firmwareRange<2.00
AND
buffalowzr-300hpMatch-
Node
buffalowzr-450hp_firmwareRange<2.00
AND
buffalowzr-450hpMatch-
Node
buffalowzr-600dhp_firmwareRange<2.00
AND
buffalowzr-600dhpMatch-
Node
buffalowzr-d1100h_firmwareRange<2.00
AND
buffalowzr-d1100hMatch-
Node
buffalofs-hp-g300n_firmwareRange<3.33
AND
buffalofs-hp-g300nMatch-
Node
buffalofs-600dhp_firmwareRange<3.40
AND
buffalofs-600dhpMatch-
Node
buffalofs-r600dhp_firmwareRange<3.40
AND
buffalofs-r600dhpMatch-
Node
buffalofs-g300n_firmwareRange<3.14
AND
buffalofs-g300nMatch-
VendorProductVersionCPE
buffalobhr-4grv_firmware*cpe:2.3:o:buffalo:bhr-4grv_firmware:*:*:*:*:*:*:*:*
buffalobhr-4grv-cpe:2.3:h:buffalo:bhr-4grv:-:*:*:*:*:*:*:*
buffalodwr-hp-g300nh_firmware*cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:*:*:*:*:*:*:*:*
buffalodwr-hp-g300nh-cpe:2.3:h:buffalo:dwr-hp-g300nh:-:*:*:*:*:*:*:*
buffalohw-450hp-zwe_firmware*cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:*
buffalohw-450hp-zwe-cpe:2.3:h:buffalo:hw-450hp-zwe:-:*:*:*:*:*:*:*
buffalowhr-300hp_firmware*cpe:2.3:o:buffalo:whr-300hp_firmware:*:*:*:*:*:*:*:*
buffalowhr-300hp-cpe:2.3:h:buffalo:whr-300hp:-:*:*:*:*:*:*:*
buffalowhr-300_firmware*cpe:2.3:o:buffalo:whr-300_firmware:*:*:*:*:*:*:*:*
buffalowhr-300-cpe:2.3:h:buffalo:whr-300:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 481

CNA Affected

[
  {
    "product": "Buffalo broadband routers",
    "vendor": "BUFFALO INC.",
    "versions": [
      {
        "status": "affected",
        "version": "BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior"
      }
    ]
  }
]

Social References

More

Related

prion 1
cvelist 1
nvd 1
prion
prion
Improper access control
2021-04-28 01:15:00
cvelist
cvelist
CVE-2021-3512
2021-04-28 00:45:27
nvd
nvd
CVE-2021-3512
2021-04-28 01:15:17

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

41.2%

JSON
Related for CVE-2021-3512
prion1cvelist1nvd1