Vulnerability Details : CVE-2021-20090
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
Vulnerability category: Directory traversal
CVE-2021-20090 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:Arcadyan Buffalo Firmware Path Traversal Vulnerability
CISA required action:Apply updates per vendor instructions.
CISA description:Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.
Added on 2021-11-03 Action due date 2021-11-17
Exploit prediction scoring system (EPSS) score for CVE-2021-20090
Probability of exploitation activity in the next 30 days: 96.91%
CVSS scores for CVE-2021-20090
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
CWE ids for CVE-2021-20090
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: [email protected] (Primary)
References for CVE-2021-20090
Exploit;Third Party Advisory
Third Party Advisory;US Government Resource
Products affected by CVE-2021-20090