8.8

CVE-2021-3512

EPSS 0.25%
Veröffentlicht 28.04.2021 01:15:17
Zuletzt bearbeitet 21.11.2024 06:21:43
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Buffalo ≫ Bhr-4grv Firmware Version < 2.00

Buffalo ≫ Bhr-4grv Version-

Buffalo ≫ Dwr-hp-g300nh Firmware Version < 1.84

Buffalo ≫ Dwr-hp-g300nh Version-

Buffalo ≫ Hw-450hp-zwe Firmware Version < 2.00

Buffalo ≫ Hw-450hp-zwe Version-

Buffalo ≫ Whr-300hp Firmware Version < 2.00

Buffalo ≫ Whr-300hp Version-

Buffalo ≫ Whr-300 Firmware Version < 2.00

Buffalo ≫ Whr-300 Version-

Buffalo ≫ Whr-g301n Firmware Version < 1.87

Buffalo ≫ Whr-g301n Version-

Buffalo ≫ Whr-hp-g300n Firmware Version < 2.00

Buffalo ≫ Whr-hp-g300n Version-

Buffalo ≫ Whr-hp-gn Firmware Version < 1.87

Buffalo ≫ Whr-hp-gn Version-

Buffalo ≫ Wpl-05g300 Firmware Version < 1.88

Buffalo ≫ Wpl-05g300 Version-

Buffalo ≫ Wzr-450hp-cwt Firmware Version < 2.00

Buffalo ≫ Wzr-450hp-cwt Version-

Buffalo ≫ Wzr-450hp-ub Firmware Version < 2.00

Buffalo ≫ Wzr-450hp-ub Version-

Buffalo ≫ Wzr-hp-ag300h Firmware Version < 1.76

Buffalo ≫ Wzr-hp-ag300h Version-

Buffalo ≫ Wzr-hp-g300nh Firmware Version < 1.84

Buffalo ≫ Wzr-hp-g300nh Version-

Buffalo ≫ Wzr-hp-g301nh Firmware Version < 1.84

Buffalo ≫ Wzr-hp-g301nh Version-

Buffalo ≫ Wzr-hp-g302h Firmware Version < 1.86

Buffalo ≫ Wzr-hp-g302h Version-

Buffalo ≫ Wzr-hp-g450h Firmware Version < 1.90

Buffalo ≫ Wzr-hp-g450h Version-

Buffalo ≫ Wzr-300hp Firmware Version < 2.00

Buffalo ≫ Wzr-300hp Version-

Buffalo ≫ Wzr-450hp Firmware Version < 2.00

Buffalo ≫ Wzr-450hp Version-

Buffalo ≫ Wzr-600dhp Firmware Version < 2.00

Buffalo ≫ Wzr-600dhp Version-

Buffalo ≫ Wzr-d1100h Firmware Version < 2.00

Buffalo ≫ Wzr-d1100h Version-

Buffalo ≫ Fs-hp-g300n Firmware Version < 3.33

Buffalo ≫ Fs-hp-g300n Version-

Buffalo ≫ Fs-600dhp Firmware Version < 3.40

Buffalo ≫ Fs-600dhp Version-

Buffalo ≫ Fs-r600dhp Firmware Version < 3.40

Buffalo ≫ Fs-r600dhp Version-

Buffalo ≫ Fs-g300n Firmware Version < 3.14

Buffalo ≫ Fs-g300n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.476

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://jvn.jp/en/vu/JVNVU99235714/index.html

Third Party Advisory

https://www.buffalo.jp/news/detail/20210427-01.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3512

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3512

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3512

EUVD