ID

VAR-202104-0768


CVE

CVE-2021-20090


TITLE

Arcadyan-based routers and modems vulnerable to authentication bypass

Trust: 0.8

sources: CERT/CC: VU#914124

DESCRIPTION

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.CVE-2021-20090 AffectedCVE-2021-20090 Affected. Arcadyan Directory traversal vulnerabilities in many routers that use software CWE-22 , CVE-2021-20090 ) Exists.A remote third party may evade authentication and view sensitive information, including valid access tokens. As a result, the router settings can be tampered with. Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are routers of Japan Buffalo Company. Buffalo WSR-2533DHPL2 and WSR-2533DHP3 have path traversal vulnerabilities. The vulnerabilities are caused by input validation errors when processing the directory traversal sequence in the web interface. Attackers can use the vulnerabilities to bypass authentication. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 3.51

sources: NVD: CVE-2021-20090 // CERT/CC: VU#914124 // JVNDB: JVNDB-2021-002008 // CNVD: CNVD-2021-56801 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-20090

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-56801

AFFECTED PRODUCTS

vendor:buffalomodel:wsr-2533dhp3-bkscope:lteversion:1.24

Trust: 1.0

vendor:buffalomodel:wsr-2533dhpl2-bkscope:lteversion:1.02

Trust: 1.0

vendor:複数のベンダmodel:(複数の製品)scope:eqversion: -

Trust: 0.8

vendor:複数のベンダmodel:(複数の製品)scope:eqversion:for more information cert/cc please check the information provided by or the information provided by the discoverer.

Trust: 0.8

vendor:複数のベンダmodel:(複数の製品)scope:eqversion:(multiple products)

Trust: 0.8

vendor:buffalomodel:wsr-2533dhpl2scope:lteversion:<=1.02

Trust: 0.6

vendor:buffalomodel:wsr-2533dhp3scope:lteversion:<=1.24

Trust: 0.6

sources: CNVD: CNVD-2021-56801 // JVNDB: JVNDB-2021-002008 // NVD: CVE-2021-20090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20090
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2021-002008
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-56801
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-2010
value: CRITICAL

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-20090
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-20090
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-56801
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-20090
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-002008
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-56801 // VULMON: CVE-2021-20090 // JVNDB: JVNDB-2021-002008 // CNNVD: CNNVD-202104-2010 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20090

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [IPA Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002008 // NVD: CVE-2021-20090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2010

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202104-2010

PATCH

title:Multiple vulnerabilities in some router products and countermeasuresurl:https://www.buffalo.jp/news/detail/20210727-01.html

Trust: 0.8

title:Patch for Buffalo WSR-2533DHPL2 and WSR-2533DHP3 have path traversal vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/283451

Trust: 0.6

title:Buffalo WSR-2533DHPL2 Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149797

Trust: 0.6

title:APT-Backpackurl:https://github.com/34zY/APT-Backpack

Trust: 0.1

title:Awesome-POCurl:https://github.com/ArrestX/--POC

Trust: 0.1

title:Normal-POCurl:https://github.com/Miraitowa70/POC-Notes

Trust: 0.1

title:Normal-POCurl:https://github.com/Miraitowa70/Pentest-Notes

Trust: 0.1

title:Awesome-POCurl:https://github.com/Threekiii/Awesome-POC

Trust: 0.1

title:Awesome-POCurl:https://github.com/KayCHENvip/vulnerability-poc

Trust: 0.1

title:Goby_POC POC 数量1319url:https://github.com/Z0fhack/Goby_POC

Trust: 0.1

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

title:Threatposturl:https://threatpost.com/auth-bypass-bug-routers-exploited/168491/

Trust: 0.1

sources: CNVD: CNVD-2021-56801 // VULMON: CVE-2021-20090 // JVNDB: JVNDB-2021-002008 // CNNVD: CNNVD-202104-2010

EXTERNAL IDS

db:NVDid:CVE-2021-20090

Trust: 3.9

db:CERT/CCid:VU#914124

Trust: 3.3

db:TENABLEid:TRA-2021-13

Trust: 2.5

db:CS-HELPid:SB2021042705

Trust: 1.2

db:JVNid:JVNVU92877673

Trust: 0.8

db:JVNDBid:JVNDB-2021-002008

Trust: 0.8

db:CNVDid:CNVD-2021-56801

Trust: 0.6

db:CNNVDid:CNNVD-202104-2010

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULMONid:CVE-2021-20090

Trust: 0.1

sources: CERT/CC: VU#914124 // CNVD: CNVD-2021-56801 // VULMON: CVE-2021-20090 // JVNDB: JVNDB-2021-002008 // CNNVD: CNNVD-202104-2010 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20090

REFERENCES

url:https://www.tenable.com/security/research/tra-2021-13

Trust: 2.5

url:https://www.kb.cert.org/vuls/id/914124

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-20090

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021042705

Trust: 1.2

url:https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/

Trust: 1.1

url:cve-2021-20090

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92877673/index.html

Trust: 0.8

url:https://kb.cert.org/vuls/id/914124

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/auth-bypass-bug-routers-exploited/168491/

Trust: 0.1

sources: CERT/CC: VU#914124 // CNVD: CNVD-2021-56801 // VULMON: CVE-2021-20090 // JVNDB: JVNDB-2021-002008 // CNNVD: CNNVD-202104-2010 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20090

CREDITS

This document was written by Timur Snoke.We have not received a statement from the vendor.

Trust: 0.8

sources: CERT/CC: VU#914124

SOURCES

db:CERT/CCid:VU#914124
db:CNVDid:CNVD-2021-56801
db:VULMONid:CVE-2021-20090
db:JVNDBid:JVNDB-2021-002008
db:CNNVDid:CNNVD-202104-2010
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-20090

LAST UPDATE DATE

2024-08-14T12:37:31.009000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#914124date:2021-10-07T00:00:00
db:CNVDid:CNVD-2021-56801date:2021-07-30T00:00:00
db:VULMONid:CVE-2021-20090date:2023-10-18T00:00:00
db:JVNDBid:JVNDB-2021-002008date:2021-07-27T05:10:00
db:CNNVDid:CNNVD-202104-2010date:2022-04-27T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-20090date:2024-07-25T17:32:27.007

SOURCES RELEASE DATE

db:CERT/CCid:VU#914124date:2021-07-20T00:00:00
db:CNVDid:CNVD-2021-56801date:2021-07-30T00:00:00
db:VULMONid:CVE-2021-20090date:2021-04-29T00:00:00
db:JVNDBid:JVNDB-2021-002008date:2021-07-27T00:00:00
db:CNNVDid:CNNVD-202104-2010date:2021-04-27T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-20090date:2021-04-29T15:15:10.630