Back to KEVs

CVE-2021-20090

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 17, 2020
Published Date
April 29, 2021
Last Updated
February 06, 2025
Vendor
n/a
Product
Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3
Description
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
Tags
cisa nessus_scanner nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source

References

https://www.tenable.com/security/research/tra-2021-13 https://www.kb.cert.org/vuls/id/914124 https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-20090.yaml 2025-04-26 00:00:00 UTC
Nessus https://www.tenable.com/plugins/nessus/154981 2023-03-08 01:05:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nessus

  • Detected by Nuclei