CVE-2021-3511 : Disclosure of sensitive information to an unauthorized user vulnerability in Buf

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors.

Published 2021-04-28 01:15:17

Updated 2022-07-12 17:42:04

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2021-3511

Buffalo » Hw-450hp-zwe Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Hw-450hp-zwe » Version: N/A
Buffalo » Wzr-hp-g450h Firmware
Versions before (<) 1.90
cpe:2.3:o:buffalo:wzr-hp-g450h_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-hp-g450h » Version: N/A
Buffalo » Wzr-450hp Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:wzr-450hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-450hp » Version: N/A
Buffalo » Wzr-450hp-cwt Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-450hp-cwt » Version: N/A
Buffalo » Wzr-hp-g301nh Firmware
Versions before (<) 1.84
cpe:2.3:o:buffalo:wzr-hp-g301nh_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-hp-g301nh » Version: N/A
Buffalo » Wzr-600dhp Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:wzr-600dhp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-600dhp » Version: N/A
Buffalo » Whr-300 Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:whr-300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr-300 » Version: N/A
Buffalo » Wzr-hp-g302h Firmware
Versions before (<) 1.86
cpe:2.3:o:buffalo:wzr-hp-g302h_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-hp-g302h » Version: N/A
Buffalo » Wzr-hp-ag300h Firmware
Versions before (<) 1.76
cpe:2.3:o:buffalo:wzr-hp-ag300h_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-hp-ag300h » Version: N/A
Buffalo » Wzr-d1100h Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:wzr-d1100h_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-d1100h » Version: N/A
Buffalo » Wpl-05g300 Firmware
Versions before (<) 1.88
cpe:2.3:o:buffalo:wpl-05g300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wpl-05g300 » Version: N/A
Buffalo » Dwr-hp-g300nh Firmware
Versions before (<) 1.84
cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Dwr-hp-g300nh » Version: N/A
Buffalo » Whr-300hp Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:whr-300hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr-300hp » Version: N/A
Buffalo » Wzr-300hp Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:wzr-300hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-300hp » Version: N/A
Buffalo » Whr-hp-g300n Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:whr-hp-g300n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr-hp-g300n » Version: N/A
Buffalo » Bhr-4grv Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:bhr-4grv_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Bhr-4grv » Version: N/A
Buffalo » Wzr-450hp-ub Firmware
Versions before (<) 2.00
cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-450hp-ub » Version: N/A
Buffalo » Wzr-hp-g300nh Firmware
Versions before (<) 1.84
cpe:2.3:o:buffalo:wzr-hp-g300nh_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Wzr-hp-g300nh » Version: N/A
Buffalo » Fs-600dhp Firmware
Versions before (<) 3.40
cpe:2.3:o:buffalo:fs-600dhp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Fs-600dhp » Version: N/A
Buffalo » Whr-g301n Firmware
Versions before (<) 1.87
cpe:2.3:o:buffalo:whr-g301n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr-g301n » Version: N/A
Buffalo » Whr-hp-gn Firmware
Versions before (<) 1.87
cpe:2.3:o:buffalo:whr-hp-gn_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Whr-hp-gn » Version: N/A
Buffalo » Fs-hp-g300n Firmware
Versions before (<) 3.33
cpe:2.3:o:buffalo:fs-hp-g300n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Fs-hp-g300n » Version: N/A
Buffalo » Fs-r600dhp Firmware
Versions before (<) 3.40
cpe:2.3:o:buffalo:fs-r600dhp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Fs-r600dhp » Version: N/A
Buffalo » Fs-g300n Firmware
Versions before (<) 3.14
cpe:2.3:o:buffalo:fs-g300n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Buffalo » Fs-g300n » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-3511

EPSS FAQ

0.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 38 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-3511

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:P/I:N/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2021-3511

https://jvn.jp/en/vu/JVNVU99235714/index.html

JVNVU#99235714: Multiple vulnerabilities in Buffalo broadband routers
Third Party Advisory

CVEs referencing this url
https://www.buffalo.jp/news/detail/20210427-01.html

一部ルーター商品における複数の脆弱性とその対処方法 | バッファロー
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-3511

Products affected by CVE-2021-3511

Exploit prediction scoring system (EPSS) score for CVE-2021-3511

CVSS scores for CVE-2021-3511

References for CVE-2021-3511