PT-2021-13768 · Buffalo · Buffalo Wsr-2533Dhpl2+1

Published: 2021-04-29 · Updated: 2021-05-05 · CVE-2021-20091

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Buffalo WSR-2533DHPL2 versions 1.02 and earlier; Buffalo WSR-2533DHP3 versions 1.24 and earlier
Description: The issue arises from improper sanitization of user input in the web interfaces. This could allow an authenticated remote attacker to modify device configuration and potentially achieve remote code execution.
Recommendations: For Buffalo WSR-2533DHPL2 versions 1.02 and earlier, update to a version later than 1.02 to resolve the issue. For Buffalo WSR-2533DHP3 versions 1.24 and earlier, update to a version later than 1.24 to resolve the issue.

Related Identifiers

CVE-2021-20091

Affected Products

Buffalo Wsr-2533Dhp3
Buffalo Wsr-2533Dhpl2