CVE-2021-20716
Published 2021-04-28
Priority P264 · critical · CVSS 3.1: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.18% (86.5th percentile)
Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| buffalo | bhr-4rv_firmware | <= 2.55 | — |
| buffalo | fs-g54_firmware | <= 2.04 | — |
| buffalo | wbr-b11_firmware | <= 2.23 | — |
| buffalo | wbr-g54_firmware | <= 2.23 | — |
| buffalo | wbr-g54l_firmware | <= 2.20 | — |
| buffalo | wbr2-b11_firmware | <= 2.32 | — |
| buffalo | wbr2-g54-kd_firmware | <= 2.32 | — |
| buffalo | wbr2-g54_firmware | <= 2.32 | — |
| buffalo | whr-g54-nf_firmware | <= 2.10 | — |
| buffalo | whr-g54_firmware | <= 2.16 | — |
| buffalo | whr2-a54g54_firmware | <= 2.25 | — |
| buffalo | whr2-g54_firmware | <= 2.23 | — |
| buffalo | whr2-g54v_firmware | <= 2.55 | — |
| buffalo | whr3-ag54_firmware | <= 2.23 | — |
| buffalo | wla-b11_firmware | <= 2.20 | — |
| buffalo | wla-g54_firmware | <= 2.20 | — |
| buffalo | wla-g54c_firmware | <= 2.20 | — |
| buffalo | wla2-g54_firmware | <= 2.24 | — |
| buffalo | wla2-g54c_firmware | <= 2.24 | — |
| buffalo | wlah-a54g54_firmware | <= 2.54 | — |
| buffalo | wlah-am54g54_firmware | <= 2.54 | — |
| buffalo | wlah-g54_firmware | <= 2.54 | — |
| buffalo | wli-t1-b11_firmware | <= 2.20 | — |
| buffalo | wli-tx1-g54_firmware | <= 2.20 | — |
| buffalo | wli2-tx1-ag54_firmware | <= 2.53 | — |
CVSS provenance
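| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |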
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-04-28