CVE-2021-20716 : Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.

Published 2021-04-28 01:15:17

Updated 2021-05-07 17:43:28

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2021-20716

Buffalo » Bhr-4rv Firmware
Versions up to, including, (<=) 2.55
cpe:2.3:o:buffalo:bhr-4rv_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Bhr-4rv » Version: N/A
Buffalo » Fs-g54 Firmware
Versions up to, including, (<=) 2.04
cpe:2.3:o:buffalo:fs-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Fs-g54 » Version: N/A
Buffalo » Wbr2-b11 Firmware
Versions up to, including, (<=) 2.32
cpe:2.3:o:buffalo:wbr2-b11_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wbr2-b11 » Version: N/A
Buffalo » Wbr2-g54 Firmware
Versions up to, including, (<=) 2.32
cpe:2.3:o:buffalo:wbr2-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wbr2-g54 » Version: N/A
Buffalo » Wbr2-g54-kd Firmware
Versions up to, including, (<=) 2.32
cpe:2.3:o:buffalo:wbr2-g54-kd_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wbr2-g54-kd » Version: N/A
Buffalo » Wbr-b11 Firmware
Versions up to, including, (<=) 2.23
cpe:2.3:o:buffalo:wbr-b11_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wbr-b11 » Version: N/A
Buffalo » Wbr-g54 Firmware
Versions up to, including, (<=) 2.23
cpe:2.3:o:buffalo:wbr-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wbr-g54 » Version: N/A
Buffalo » Wbr-g54l Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:buffalo:wbr-g54l_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wbr-g54l » Version: N/A
Buffalo » Whr2-a54g54 Firmware
Versions up to, including, (<=) 2.25
cpe:2.3:o:buffalo:whr2-a54g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr2-a54g54 » Version: N/A
Buffalo » Whr2-g54 Firmware
Versions up to, including, (<=) 2.23
cpe:2.3:o:buffalo:whr2-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr2-g54 » Version: N/A
Buffalo » Whr2-g54v Firmware
Versions up to, including, (<=) 2.55
cpe:2.3:o:buffalo:whr2-g54v_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr2-g54v » Version: N/A
Buffalo » Whr3-ag54 Firmware
Versions up to, including, (<=) 2.23
cpe:2.3:o:buffalo:whr3-ag54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr3-ag54 » Version: N/A
Buffalo » Whr-g54 Firmware
Versions up to, including, (<=) 2.16
cpe:2.3:o:buffalo:whr-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr-g54 » Version: N/A
Buffalo » Whr-g54-nf Firmware
Versions up to, including, (<=) 2.10
cpe:2.3:o:buffalo:whr-g54-nf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr-g54-nf » Version: N/A
Buffalo » Wla2-g54 Firmware
Versions up to, including, (<=) 2.24
cpe:2.3:o:buffalo:wla2-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wla2-g54 » Version: N/A
Buffalo » Wla2-g54c Firmware
Versions up to, including, (<=) 2.24
cpe:2.3:o:buffalo:wla2-g54c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wla2-g54c » Version: N/A
Buffalo » Wla-b11 Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:buffalo:wla-b11_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wla-b11 » Version: N/A
Buffalo » Wla-g54 Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:buffalo:wla-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wla-g54 » Version: N/A
Buffalo » Wla-g54c Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:buffalo:wla-g54c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wla-g54c » Version: N/A
Buffalo » Wlah-a54g54 Firmware
Versions up to, including, (<=) 2.54
cpe:2.3:o:buffalo:wlah-a54g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wlah-a54g54 » Version: N/A
Buffalo » Wlah-am54g54 Firmware
Versions up to, including, (<=) 2.54
cpe:2.3:o:buffalo:wlah-am54g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wlah-am54g54 » Version: N/A
Buffalo » Wlah-g54 Firmware
Versions up to, including, (<=) 2.54
cpe:2.3:o:buffalo:wlah-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wlah-g54 » Version: N/A
Buffalo » Wli2-tx1-ag54 Firmware
Versions up to, including, (<=) 2.53
cpe:2.3:o:buffalo:wli2-tx1-ag54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wli2-tx1-ag54 » Version: N/A
Buffalo » Wli2-tx1-amg54 Firmware
Versions up to, including, (<=) 2.53
cpe:2.3:o:buffalo:wli2-tx1-amg54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wli2-tx1-amg54 » Version: N/A
Buffalo » Wli2-tx1-g54 Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:buffalo:wli2-tx1-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wli2-tx1-g54 » Version: N/A
Buffalo » Wli3-tx1-amg54 Firmware
Versions up to, including, (<=) 2.53
cpe:2.3:o:buffalo:wli3-tx1-amg54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wli3-tx1-amg54 » Version: N/A
Buffalo » Wli3-tx1-g54 Firmware
Versions up to, including, (<=) 2.53
cpe:2.3:o:buffalo:wli3-tx1-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wli3-tx1-g54 » Version: N/A
Buffalo » Wli-t1-b11 Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:buffalo:wli-t1-b11_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wli-t1-b11 » Version: N/A
Buffalo » Wli-tx1-g54 Firmware
Versions up to, including, (<=) 2.20
cpe:2.3:o:buffalo:wli-tx1-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wli-tx1-g54 » Version: N/A
Buffalo » Wvr-g54-nf Firmware
Versions up to, including, (<=) 2.02
cpe:2.3:o:buffalo:wvr-g54-nf_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wvr-g54-nf » Version: N/A
Buffalo » Wzr-g108 Firmware
Versions up to, including, (<=) 2.41
cpe:2.3:o:buffalo:wzr-g108_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-g108 » Version: N/A
Buffalo » Wzr-g54 Firmware
Versions up to, including, (<=) 2.41
cpe:2.3:o:buffalo:wzr-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-g54 » Version: N/A
Buffalo » Wzr-hp-g54 Firmware
Versions up to, including, (<=) 2.41
cpe:2.3:o:buffalo:wzr-hp-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-hp-g54 » Version: N/A
Buffalo » Wzr-rs-g54 Firmware
Versions up to, including, (<=) 2.55
cpe:2.3:o:buffalo:wzr-rs-g54_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-rs-g54 » Version: N/A
Buffalo » Wzr-rs-g54hp Firmware
Versions up to, including, (<=) 2.55
cpe:2.3:o:buffalo:wzr-rs-g54hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-rs-g54hp » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-20716

EPSS FAQ

3.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-20716

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-20716

https://jvn.jp/en/vu/JVNVU90274525/index.html

JVNVU#90274525: Multiple Buffalo network devices contain hidden functionality
Third Party Advisory
https://www.buffalo.jp/news/detail/20210427-02.html

ルーター等の一部商品におけるデバッグオプションの脆弱性とその対処方法 | バッファロー
Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-20716

Products affected by CVE-2021-20716

Exploit prediction scoring system (EPSS) score for CVE-2021-20716

CVSS scores for CVE-2021-20716

References for CVE-2021-20716