CVE-2021-20091 – Buffalo / Multiple – Unspecified

August 24, 2021

CVE-2021-20091 is an unspecified vulnerability impacting Buffalo WSR-2533DHPL2 firmware versions 1.02 and earlier and Buffalo WSR-2533DHP3 firmware versions 1.24 and earlier. A proof of concept (PoC) was observed in open source and subsequently shared in the underground. Additionally, a walk-through demo of a PoC was shared via Twitter.

Summary:

CVE-2021-20091 is an unspecified vulnerability impacting Buffalo WSR-2533DHPL2 firmware versions 1.02 and earlier and Buffalo WSR-2533DHP3 firmware versions 1.24 and earlier. A proof of concept (PoC) was observed in open source and subsequently shared in the underground. Additionally, a walk-through demo of a PoC was shared via Twitter.

PoC Links(if available):

Tenable: Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers –
https://www.tenable.com/security/research/tra-2021-13

Known Counter Measures:

Buffalo addressed the vulnerability in security advisory with updated versions.

Links to patches(if available)

https://www.buffalo.jp/news/detail/20210727-01.html

Tags:

You may have missed

CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

April 27, 2024
CISA Logo

CISA: CISA and Partners Release Advisory on Akira Ransomware

April 27, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 27, 2024
CISA Logo

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

April 27, 2024
CISA Logo

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

April 27, 2024