Details of VAR-202104-0768

ID

VAR-202104-0768

CVE

CVE-2021-20090

TITLE

Arcadyan-based routers and modems vulnerable to authentication bypass

Trust: 0.8

sources: CERT/CC: VU#914124

DESCRIPTION

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.CVE-2021-20090 AffectedCVE-2021-20090 Affected. Arcadyan Directory traversal vulnerabilities in many routers that use software CWE-22 , CVE-2021-20090 ) Exists.A remote third party may evade authentication and view sensitive information, including valid access tokens. As a result, the router settings can be tampered with. Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are routers of Japan Buffalo Company. Buffalo WSR-2533DHPL2 and WSR-2533DHP3 have path traversal vulnerabilities. The vulnerabilities are caused by input validation errors when processing the directory traversal sequence in the web interface. Attackers can use the vulnerabilities to bypass authentication. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 3.51

sources: NVD: CVE-2021-20090 // CERT/CC: VU#914124 // JVNDB: JVNDB-2021-002008 // CNVD: CNVD-2021-56801 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-20090

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-56801

AFFECTED PRODUCTS

vendor:	buffalo	model:	wsr-2533dhp3-bk	scope:	lte	version:	1.24	Trust: 1.0
vendor:	buffalo	model:	wsr-2533dhpl2-bk	scope:	lte	version:	1.02	Trust: 1.0
vendor:	複数のベンダ	model:	（複数の製品）	scope:	eq	version:	-	Trust: 0.8
vendor:	複数のベンダ	model:	（複数の製品）	scope:	eq	version:	for more information cert/cc please check the information provided by or the information provided by the discoverer.	Trust: 0.8
vendor:	複数のベンダ	model:	（複数の製品）	scope:	eq	version:	(multiple products)	Trust: 0.8
vendor:	buffalo	model:	wsr-2533dhpl2	scope:	lte	version:	<=1.02	Trust: 0.6
vendor:	buffalo	model:	wsr-2533dhp3	scope:	lte	version:	<=1.24	Trust: 0.6

sources: CNVD: CNVD-2021-56801 // JVNDB: JVNDB-2021-002008 // NVD: CVE-2021-20090

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-20090
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2021-002008
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-56801
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-2010
value:	CRITICAL
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-20090
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-56801
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULMON:	CVE-2021-20090
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-002008
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-56801 // VULMON: CVE-2021-20090 // JVNDB: JVNDB-2021-002008 // CNNVD: CNNVD-202104-2010 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20090

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [IPA Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-002008 // NVD: CVE-2021-20090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2010

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202104-2010

CONFIGURATIONS

sources: NVD: CVE-2021-20090

PATCH

title:	Multiple vulnerabilities in some router products and countermeasures	url:	https://www.buffalo.jp/news/detail/20210727-01.html	Trust: 0.8
title:	Patch for Buffalo WSR-2533DHPL2 and WSR-2533DHP3 have path traversal vulnerabilities	url:	https://www.cnvd.org.cn/patchinfo/show/283451	Trust: 0.6
title:	Buffalo WSR-2533DHPL2 Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149797	Trust: 0.6
title:	APT-Backpack	url:	https://github.com/34zy/apt-backpack	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/arrestx/--poc	Trust: 0.1
title:	Normal-POC	url:	https://github.com/miraitowa70/poc-notes	Trust: 0.1
title:	Normal-POC	url:	https://github.com/miraitowa70/pentest-notes	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/threekiii/awesome-poc	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/kaychenvip/vulnerability-poc	Trust: 0.1
title:	Goby_POC POC 数量1319	url:	https://github.com/z0fhack/goby_poc	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/ostorlab/kev	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-labs/awesome-security	Trust: 0.1
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/arpsyndicate/kenzer-templates	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/auth-bypass-bug-routers-exploited/168491/	Trust: 0.1

sources: CNVD: CNVD-2021-56801 // VULMON: CVE-2021-20090 // JVNDB: JVNDB-2021-002008 // CNNVD: CNNVD-202104-2010

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20090	Trust: 3.9
db:	CERT/CC	id:	VU#914124	Trust: 3.3
db:	TENABLE	id:	TRA-2021-13	Trust: 2.5
db:	CS-HELP	id:	SB2021042705	Trust: 1.2
db:	JVN	id:	JVNVU92877673	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-002008	Trust: 0.8
db:	CNVD	id:	CNVD-2021-56801	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-2010	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULMON	id:	CVE-2021-20090	Trust: 0.1

sources: CERT/CC: VU#914124 // CNVD: CNVD-2021-56801 // VULMON: CVE-2021-20090 // JVNDB: JVNDB-2021-002008 // CNNVD: CNNVD-202104-2010 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-20090

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-13	Trust: 2.5
url:	https://www.kb.cert.org/vuls/id/914124	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20090	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021042705	Trust: 1.2
url:	https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/	Trust: 1.1
url:	cve-2021-20090	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92877673/index.html	Trust: 0.8
url:	https://kb.cert.org/vuls/id/914124	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/auth-bypass-bug-routers-exploited/168491/	Trust: 0.1

CREDITS

This document was written by Timur Snoke.We have not received a statement from the vendor.

Trust: 0.8

sources: CERT/CC: VU#914124

SOURCES

db:	CERT/CC	id:	VU#914124
db:	CNVD	id:	CNVD-2021-56801
db:	VULMON	id:	CVE-2021-20090
db:	JVNDB	id:	JVNDB-2021-002008
db:	CNNVD	id:	CNNVD-202104-2010
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-20090

LAST UPDATE DATE

2024-01-17T17:38:11.904000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#914124	date:	2021-10-07T00:00:00
db:	CNVD	id:	CNVD-2021-56801	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2021-20090	date:	2023-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-002008	date:	2021-07-27T05:10:00
db:	CNNVD	id:	CNNVD-202104-2010	date:	2022-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-20090	date:	2023-10-18T01:15:24.427

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#914124	date:	2021-07-20T00:00:00
db:	CNVD	id:	CNVD-2021-56801	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2021-20090	date:	2021-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-002008	date:	2021-07-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-2010	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-20090	date:	2021-04-29T15:15:10.630