CVE-2021-20090

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 17, 2020
Published Date: April 29, 2021
Last Updated: February 06, 2025
Vendor: n/a
Product: Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3
Description: A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.tenable.com/security/research/tra-2021-13 https://www.kb.cert.org/vuls/id/914124 https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-20090.yaml	2025-04-26 00:00:00 UTC