VAR-202104-1673
Vulnerability from variot - Updated: 2023-12-18 12:16Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. The following vulnerabilities exist in multiple router products provided by Buffalo Inc. * information leak (CWE-200) - CVE-2021-3511 ‥ * telnet Inadequate access control to services (CWE-284) - CVE-2021-3512 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * The setting information of the device is stolen by a third party on the adjacent network. - CVE-2021-3511 ‥ * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS Command is executed - CVE-2021-3512. Buffalo 固件是日本Buffalo公司的一个网络设备
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-1673",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fs-r600dhp",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "3.40"
},
{
"model": "bhr-4grv",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "wzr-hp-g450h",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.90"
},
{
"model": "fs-hp-g300n",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "3.33"
},
{
"model": "wzr-450hp",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "whr-hp-gn",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.87"
},
{
"model": "whr-g301n",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.87"
},
{
"model": "wzr-hp-g302h",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.86"
},
{
"model": "dwr-hp-g300nh",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.84"
},
{
"model": "wzr-hp-g301nh",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.84"
},
{
"model": "wzr-300hp",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "wzr-hp-g300nh",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.84"
},
{
"model": "whr-hp-g300n",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "wzr-d1100h",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "whr-300hp",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "fs-600dhp",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "3.40"
},
{
"model": "wzr-450hp-cwt",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "fs-g300n",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "3.14"
},
{
"model": "wzr-hp-ag300h",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.76"
},
{
"model": "whr-300",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "wpl-05g300",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.88"
},
{
"model": "wzr-450hp-ub",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "hw-450hp-zwe",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "wzr-600dhp",
"scope": "lt",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "bhr-4grv",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "dwr-hp-g300nh",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "fs-600dhp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "fs-g300n",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "fs-hp-g300n",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "fs-r600dhp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "hw-450hp-zwe",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "whr-300hp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "whr-300",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "whr-g301n",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "whr-hp-g300n",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "whr-hp-gn",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wpl-05g300",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-300hp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-450hp-cwt",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-450hp-ub",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-450hp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-600dhp",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-d1100h",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-hp-ag300h",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-hp-g300nh",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-hp-g301nh",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-hp-g302h",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wzr-hp-g450h",
"scope": null,
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "NVD",
"id": "CVE-2021-3512"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:bhr-4grv_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:bhr-4grv:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.84",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:dwr-hp-g300nh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:hw-450hp-zwe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:whr-300hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:whr-300hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:whr-300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:whr-300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:whr-g301n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.87",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:whr-g301n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:whr-hp-g300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:whr-hp-g300n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:whr-hp-gn_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.87",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:whr-hp-gn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wpl-05g300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.88",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wpl-05g300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-450hp-cwt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-450hp-ub:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-ag300h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-ag300h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g300nh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.84",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g300nh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g301nh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.84",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g301nh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g302h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.86",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g302h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g450h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.90",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g450h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-300hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-300hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-450hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-450hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-600dhp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-600dhp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:wzr-d1100h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:wzr-d1100h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:fs-hp-g300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.33",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:fs-hp-g300n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:fs-600dhp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:fs-600dhp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:fs-r600dhp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:fs-r600dhp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:fs-g300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:fs-g300n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3512"
}
]
},
"cve": "CVE-2021-3512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-001381",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-3512",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2021-001381",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-1997",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "NVD",
"id": "CVE-2021-3512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. The following vulnerabilities exist in multiple router products provided by Buffalo Inc. * information leak (CWE-200) - CVE-2021-3511 \u2025 * telnet Inadequate access control to services (CWE-284) - CVE-2021-3512 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * The setting information of the device is stolen by a third party on the adjacent network. - CVE-2021-3511 \u2025 * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS Command is executed - CVE-2021-3512. Buffalo \u56fa\u4ef6\u662f\u65e5\u672cBuffalo\u516c\u53f8\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3512"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
},
{
"db": "VULMON",
"id": "CVE-2021-3512"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU99235714",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2021-3512",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001381",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1997",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-3512",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3512"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "NVD",
"id": "CVE-2021-3512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
]
},
"id": "VAR-202104-1673",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3095238071428571
},
"last_update_date": "2023-12-18T12:16:28.067000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple vulnerabilities in some router products and how to deal with them",
"trust": 0.8,
"url": "https://www.buffalo.jp/news/detail/20210427-01.html"
},
{
"title": "Buffalo broadband routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=150355"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "NVD",
"id": "CVE-2021-3512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jvn.jp/en/vu/jvnvu99235714/index.html"
},
{
"trust": 1.7,
"url": "https://www.buffalo.jp/news/detail/20210427-01.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99235714"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3512"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-001381.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3512"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "NVD",
"id": "CVE-2021-3512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-3512"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"db": "NVD",
"id": "CVE-2021-3512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3512"
},
{
"date": "2021-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"date": "2021-04-28T01:15:17.187000",
"db": "NVD",
"id": "CVE-2021-3512"
},
{
"date": "2021-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3512"
},
{
"date": "2021-05-07T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2021-001381"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-3512"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Buffalo routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001381"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1997"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…