Arbitrary Command Execution in Buffalo WSR-1166DHP3 and WSR-1166DHP4 Firmware
CVE-2021-20731

8.8HIGH

Key Information:

Vendor: Buffalo Inc.
Status: Wsr-1166dHP3 And Wsr-1166dHP4
Vendor: CVE Published:; 9 June 2021

🔔 Create Buffalo Inc. Vulnerability Alert

What is CVE-2021-20731?

The firmware versions WSR-1166DHP3 prior to Ver.1.16 and WSR-1166DHP4 prior to Ver.1.02 from Buffalo are susceptible to a vulnerability that allows attackers to execute arbitrary operating system commands with root privileges. This vulnerability can be exploited through unspecified vectors, potentially leading to significant security risks for affected devices. Users are encouraged to update their firmware to mitigate these risks.

Affected Version(s)

WSR-1166DHP3 and WSR-1166DHP4 WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior

References

https://www.buffalo.jp/news/detail/20210531-01.html

x_refsource_MISC

https://jvn.jp/en/vu/JVNVU92862829/index.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Dec 17, 2020