CVE-2021-20716 Information
Description
Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.buffalo.jp/news/detail/20210427-02.html
https://jvn.jp/en/vu/JVNVU90274525/index.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL