Details of VAR-202104-1673

ID

VAR-202104-1673

CVE

CVE-2021-3512

TITLE

Multiple vulnerabilities in Buffalo routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-001381

DESCRIPTION

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. The following vulnerabilities exist in multiple router products provided by Buffalo Inc. * information leak (CWE-200) - CVE-2021-3511 ‥ * telnet Inadequate access control to services (CWE-284) - CVE-2021-3512 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * The setting information of the device is stolen by a third party on the adjacent network. - CVE-2021-3511 ‥ * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS Command is executed - CVE-2021-3512. Buffalo 固件是日本Buffalo公司的一个网络设备

Trust: 2.25

sources: NVD: CVE-2021-3512 // JVNDB: JVNDB-2021-001381 // CNNVD: CNNVD-202104-1997 // VULMON: CVE-2021-3512

AFFECTED PRODUCTS

vendor:	buffalo	model:	dwr-hp-g300nh	scope:	lt	version:	1.84	Trust: 1.0
vendor:	buffalo	model:	fs-g300n	scope:	lt	version:	3.14	Trust: 1.0
vendor:	buffalo	model:	whr-300	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	whr-300hp	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	wzr-450hp-ub	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g301nh	scope:	lt	version:	1.84	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g302h	scope:	lt	version:	1.86	Trust: 1.0
vendor:	buffalo	model:	fs-r600dhp	scope:	lt	version:	3.40	Trust: 1.0
vendor:	buffalo	model:	wzr-450hp-cwt	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	whr-hp-gn	scope:	lt	version:	1.87	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g300nh	scope:	lt	version:	1.84	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g450h	scope:	lt	version:	1.90	Trust: 1.0
vendor:	buffalo	model:	fs-hp-g300n	scope:	lt	version:	3.33	Trust: 1.0
vendor:	buffalo	model:	whr-hp-g300n	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	wzr-300hp	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	hw-450hp-zwe	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	wzr-450hp	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	wpl-05g300	scope:	lt	version:	1.88	Trust: 1.0
vendor:	buffalo	model:	wzr-600dhp	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-ag300h	scope:	lt	version:	1.76	Trust: 1.0
vendor:	buffalo	model:	wzr-d1100h	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	bhr-4grv	scope:	lt	version:	2.00	Trust: 1.0
vendor:	buffalo	model:	fs-600dhp	scope:	lt	version:	3.40	Trust: 1.0
vendor:	buffalo	model:	whr-g301n	scope:	lt	version:	1.87	Trust: 1.0
vendor:	バッファロー	model:	bhr-4grv	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	dwr-hp-g300nh	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	fs-600dhp	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	fs-g300n	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	fs-hp-g300n	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	fs-r600dhp	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	hw-450hp-zwe	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	whr-300hp	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	whr-300	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	whr-g301n	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	whr-hp-g300n	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	whr-hp-gn	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wpl-05g300	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-300hp	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-450hp-cwt	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-450hp-ub	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-450hp	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-600dhp	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-d1100h	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-hp-ag300h	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-hp-g300nh	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-hp-g301nh	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-hp-g302h	scope:	-	version:	-	Trust: 0.8
vendor:	バッファロー	model:	wzr-hp-g450h	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-001381 // NVD: CVE-2021-3512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3512
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2021-001381
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-1997
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-3512
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

nvd@nist.gov:	CVE-2021-3512
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA:	JVNDB-2021-001381
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-001381 // CNNVD: CNNVD-202104-1997 // NVD: CVE-2021-3512

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	information leak (CWE-200) [IPA Evaluation ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [IPA Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-001381 // NVD: CVE-2021-3512

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1997

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1997

PATCH

title:	Multiple vulnerabilities in some router products and how to deal with them	url:	https://www.buffalo.jp/news/detail/20210427-01.html	Trust: 0.8
title:	Buffalo broadband routers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150355	Trust: 0.6

sources: JVNDB: JVNDB-2021-001381 // CNNVD: CNNVD-202104-1997

EXTERNAL IDS

db:	JVN	id:	JVNVU99235714	Trust: 2.5
db:	NVD	id:	CVE-2021-3512	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-001381	Trust: 1.4
db:	CNNVD	id:	CNNVD-202104-1997	Trust: 0.6
db:	VULMON	id:	CVE-2021-3512	Trust: 0.1

sources: VULMON: CVE-2021-3512 // JVNDB: JVNDB-2021-001381 // CNNVD: CNNVD-202104-1997 // NVD: CVE-2021-3512

REFERENCES

url:	https://jvn.jp/en/vu/jvnvu99235714/index.html	Trust: 1.7
url:	https://www.buffalo.jp/news/detail/20210427-01.html	Trust: 1.7
url:	http://jvn.jp/cert/jvnvu99235714	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3512	Trust: 0.6
url:	https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-001381.html	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-3512 // JVNDB: JVNDB-2021-001381 // CNNVD: CNNVD-202104-1997 // NVD: CVE-2021-3512

SOURCES

db:	VULMON	id:	CVE-2021-3512
db:	JVNDB	id:	JVNDB-2021-001381
db:	CNNVD	id:	CNNVD-202104-1997
db:	NVD	id:	CVE-2021-3512

LAST UPDATE DATE

2024-11-23T22:25:04.533000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-3512	date:	2021-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-001381	date:	2021-05-07T07:26:00
db:	CNNVD	id:	CNNVD-202104-1997	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-3512	date:	2024-11-21T06:21:43.343

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-3512	date:	2021-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-001381	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-1997	date:	2021-04-27T00:00:00
db:	NVD	id:	CVE-2021-3512	date:	2021-04-28T01:15:17.187