Improper Access Control in Buffalo WSR-1166DHP3 and WSR-1166DHP4 Firmware
CVE-2021-20730

4.3MEDIUM

Key Information:

Vendor: Buffalo Inc.
Status: Wsr-1166dHP3 And Wsr-1166dHP4
Vendor: CVE Published:; 9 June 2021

🔔 Create Buffalo Inc. Vulnerability Alert

What is CVE-2021-20730?

The Buffalo WSR-1166DHP3 and WSR-1166DHP4 devices have an improper access control vulnerability in their firmware versions. This flaw enables unauthorized attackers to exploit unspecified vectors, potentially allowing them to access sensitive configuration information. Organizations using impacted firmware should take action to mitigate this security risk by applying the necessary updates or patches identified by the vendor.

Affected Version(s)

WSR-1166DHP3 and WSR-1166DHP4 WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior

References

https://www.buffalo.jp/news/detail/20210531-01.html

x_refsource_MISC

https://jvn.jp/en/vu/JVNVU92862829/index.html

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Dec 17, 2020