CVE-2021-20090 – Arcadyan Buffalo Firmware Path Traversal Vulnerability

https://notcve.org/view.php?id=CVE-2021-20090

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. Una vulnerabilidad de salto de ruta en las interfaces web de Buffalo WSR-2533DHPL2 versión de firmware anterior a 1.02 e incluyéndola y WSR-2533DHP3 versión de firmware anterior a 1.24 e incluyéndola, podría permitir a atacantes remotos no autenticados omitir la autenticación Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors. • https://www.kb.cert.org/vuls/id/914124 https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation https://www.tenable.com/security/research/tra-2021-13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •