CVE-2021-20090

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL	Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...	241
https://lists.astaro.com/ASGV9-IPS-rules.html#0	30
https://news.ycombinator.com/item?id=28106346	5
https://medium.com/tenable-techblog/bypassing-authenticatio...	4
https://www.tenable.com/security/research/tra-2021-13	4
https://www.adslzone.net/noticias/seguridad/cve-2021-20090-...	4
https://ift.tt/3xxyhu8	3
https://twitter.com/bearstech/status/1424718965000048641	3
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Pr...	3
https://threatpost.com/auth-bypass-bug-routers-exploited/16...	3
https://blogs.juniper.net/en-us/security/freshly-disclosed-...	3
https://thehackernews.com/2021/08/hackers-exploiting-new-au...	3
https://securityaffairs.co/wordpress/120908/hacking/cve-202...	3
https://www.bleepingcomputer.com/news/security/actively-exp...	3
https://ipssignatures.appspot.com/?cve=CVE-2021-20090	3

Information from Twitter

User	URL	Info Source	Date
autumn_good_35	https://www.nsa.gov/Press-Room/Press-Releases-Statements/Pr...	Source autumn_good_35 1578319068020428801	2022/10/07
autumn_good_35	https://twitter.com/autumn_good_35/status/15783190680204288...	Source autumn_good_35 1578319068020428801	2022/10/07
hrbrmstr	https://viz.greynoise.io/query/?gnql=cve%3ACVE-2021-44228%2...	Source hrbrmstr 1578392826378952704	2022/10/07
lightmare8	https://www.tenable.com/security/research/tra-2021-13	Source lightmare8 1580760882392764416	2022/10/14
lightmare8	https://twitter.com/lightmare8/status/1580760882392764416/p...	Source lightmare8 1580760882392764416	2022/10/14
lightmare8	https://iototsecnews.jp/2021/08/07/cve-2021-20090-actively-...	Source lightmare8 1580764927689895936	2022/10/14

URL	Num of Times Referred to
alerts.vulmon.com	241
lists.astaro.com	30
news.ycombinator.com	5
medium.com	4
www.tenable.com	4
www.adslzone.net	4
ift.tt	3
twitter.com	3
www.nsa.gov	3
threatpost.com	3
blogs.juniper.net	3
thehackernews.com	3
securityaffairs.co	3
www.bleepingcomputer.com	3
ipssignatures.appspot.com	3

User	URL	Info Source
autumn_good_35	nsa.gov	Show Tweet
autumn_good_35	twitter.com	Show Tweet
hrbrmstr	viz.greynoise.io	Show Tweet
lightmare8	tenable.com	Show Tweet
lightmare8	twitter.com	Show Tweet
lightmare8	iototsecnews.jp	Show Tweet

Name	URL
No Data

Name	URL
No Data

2022/10/14 Score : 0
Added Har-sia Database : 2021/04/30
Last Modified : 2022/10/14
Highest Scored Date : 2021/08/08
Highest Score : 55

CVE-2021-20090

Description from NVD

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

Refer to Information on External Sites

Information from Twitter

Information from Twitter