CVE-2021-3512 Information

Description

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://jvn.jp/en/vu/JVNVU99235714/index.html
https://www.buffalo.jp/news/detail/20210427-01.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
