CVE-2021-3512

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-3512
Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://jvn.jp/en/vu/JVNVU99235714/index.html Third Party Advisory
https://www.buffalo.jp/news/detail/20210427-01.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:buffalo:bhr-4grv_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:bhr-4grv:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:dwr-hp-g300nh:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:hw-450hp-zwe:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:buffalo:whr-300hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:whr-300hp:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:buffalo:whr-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:whr-300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:buffalo:whr-g301n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:whr-g301n:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:buffalo:whr-hp-g300n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:whr-hp-g300n:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:buffalo:whr-hp-gn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:whr-hp-gn:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:buffalo:wpl-05g300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wpl-05g300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-450hp-cwt:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-450hp-ub:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:buffalo:wzr-hp-ag300h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-hp-ag300h:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:buffalo:wzr-hp-g300nh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-hp-g300nh:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:buffalo:wzr-hp-g301nh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-hp-g301nh:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:buffalo:wzr-hp-g302h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-hp-g302h:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:buffalo:wzr-hp-g450h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-hp-g450h:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:buffalo:wzr-300hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-300hp:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:buffalo:wzr-450hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-450hp:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:buffalo:wzr-600dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-600dhp:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:buffalo:wzr-d1100h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:wzr-d1100h:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:buffalo:fs-hp-g300n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:fs-hp-g300n:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:buffalo:fs-600dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:fs-600dhp:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:buffalo:fs-r600dhp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:fs-r600dhp:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:buffalo:fs-g300n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:fs-g300n:-:*:*:*:*:*:*:*
History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-863 NVD-CWE-Other
Information

Published : 2021-04-28 01:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-3512

Mitre link : CVE-2021-3512

CVE.ORG link : CVE-2021-3512

JSON object : View

Products Affected

buffalo

  • wzr-hp-g450h
  • wzr-300hp_firmware
  • fs-600dhp
  • wzr-450hp_firmware
  • wzr-600dhp_firmware
  • bhr-4grv_firmware
  • wzr-hp-g450h_firmware
  • wzr-450hp-ub
  • fs-hp-g300n_firmware
  • whr-300
  • dwr-hp-g300nh
  • whr-g301n_firmware
  • wzr-450hp-cwt
  • wzr-450hp-cwt_firmware
  • wzr-450hp-ub_firmware
  • wzr-450hp
  • whr-300hp
  • whr-300hp_firmware
  • hw-450hp-zwe
  • whr-g301n
  • wzr-hp-ag300h_firmware
  • wpl-05g300
  • whr-hp-gn_firmware
  • wzr-hp-g301nh_firmware
  • fs-r600dhp_firmware
  • wzr-d1100h
  • wzr-hp-g300nh_firmware
  • wzr-d1100h_firmware
  • fs-g300n
  • wzr-hp-g301nh
  • whr-300_firmware
  • wzr-hp-g300nh
  • whr-hp-g300n
  • wzr-300hp
  • fs-600dhp_firmware
  • hw-450hp-zwe_firmware
  • wzr-hp-ag300h
  • wzr-600dhp
  • bhr-4grv
  • fs-r600dhp
  • fs-g300n_firmware
  • dwr-hp-g300nh_firmware
  • whr-hp-gn
  • wzr-hp-g302h_firmware
  • wpl-05g300_firmware
  • fs-hp-g300n
  • wzr-hp-g302h
  • whr-hp-g300n_firmware
CWE
NVD-CWE-Other