A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBuffalo Wsr 2533dhp3 Bk
HWBuffalowszystkie wersjeBuffalo Wsr 2533dhp3 Bk Firmware
OSBuffalo≤ 1.24Buffalo Wsr 2533dhpl2 Bk
HWBuffalowszystkie wersjeBuffalo Wsr 2533dhpl2 Bk Firmware
OSBuffalo≤ 1.02
CISA KEV — detailsi
- Vendori
- Arcadyan
- Producti
- Buffalo Firmware
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- November 17, 2021(overdue)
Apply updates per vendor instructions.
Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.
Related vulnerabilities
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24...
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24...
RCE poprzez command injection w Open XDMoD (wersje 9.5.0–11.0.2)
SQL Injection w Open XDMoD — nieuwierzytelniony dostęp do bazy danych
Buffalo WSR-2533DHP — hasło przechowywane w postaci jawnej (plaintext)