diff --git a/Arcadyan/CVE-2021-20090/Arcadyan_Routers_Authentication_Bypassing_CVE_2021_20090.gif b/Arcadyan/CVE-2021-20090/Arcadyan_Routers_Authentication_Bypassing_CVE_2021_20090.gif new file mode 100644 index 0000000..687d3cf Binary files /dev/null and b/Arcadyan/CVE-2021-20090/Arcadyan_Routers_Authentication_Bypassing_CVE_2021_20090.gif differ diff --git a/Arcadyan/CVE-2021-20090/README.md b/Arcadyan/CVE-2021-20090/README.md new file mode 100644 index 0000000..7e1af07 --- /dev/null +++ b/Arcadyan/CVE-2021-20090/README.md @@ -0,0 +1,11 @@ +# Arcadyan Routers Authentication Bypassing (CVE-2021–20090) + +A path traversal vulnerability (CVE-2021-20090) in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. This vulnerability also affected many other devices, as the root cause of the vulnerability exists in the underlying Arcadyan firmware. + +Another vulnerabilities, using Configuration File Injection (CVE-2021-20091) to open telnetd and using Improper Access Control(CVE-2021-20092) to get admin password, have only been confirmed on Buffalo WSR-2533 models. + +**FOFA query rule**: [body="css/style-ad-JP.css"](https://fofa.so/result?qbase64=Ym9keT0iY3NzL3N0eWxlLWFkLUpQLmNzcyI%3D) + +# Demo + +![](Arcadyan_Routers_Authentication_Bypassing_CVE_2021_20090.gif) \ No newline at end of file
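Review bot: The README.md heading writes the CVE id with an en dash ("CVE-2021–20090") while the body text and the directory name use an ASCII hyphen ("CVE-2021-20090"), so a search for the id will not match the title; use the hyphen in the heading as well. In the second paragraph, "Another vulnerabilities" should read "Two other vulnerabilities", and "Improper Access Control(CVE-2021-20092)" needs a space before the parenthesis. The text lists affected firmware versions (WSR-2533DHPL2 <= 1.02, WSR-2533DHP3 <= 1.24) but names no fixed version, vendor advisory or mitigation, so a reader cannot tell from this page when a device is no longer exposed; a short References section would cover that. The Demo image has empty alt text (`![](...)`), and the file ends without a trailing newline.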