add Arcadyan_Routers_Authentication_Bypassing_CVE_2021_20090

gobysec 2021-08-04 20:40:11 +08:00
parent 5f7195eb14
commit 6206df14f6
2 changed files with 11 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,11 @@
# Arcadyan Routers Authentication Bypassing (CVE-202120090)
A path traversal vulnerability (CVE-2021-20090) in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. This vulnerability also affected many other devices, as the root cause of the vulnerability exists in the underlying Arcadyan firmware.
Another vulnerabilities, using Configuration File Injection (CVE-2021-20091) to open telnetd and using Improper Access Control(CVE-2021-20092) to get admin password, have only been confirmed on Buffalo WSR-2533 models.
**FOFA query rule**: [body="css/style-ad-JP.css"](https://fofa.so/result?qbase64=Ym9keT0iY3NzL3N0eWxlLWFkLUpQLmNzcyI%3D)
# Demo
![](Arcadyan_Routers_Authentication_Bypassing_CVE_2021_20090.gif)
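Review bot: The heading on the first added line writes the identifier as "CVE-202120090", dropping the hyphen that the body text uses (CVE-2021-20090), so a search for the CVE ID will not match the title; change the heading to "CVE-2021-20090". In the second paragraph, "Another vulnerabilities" should read "Two other vulnerabilities", and "Improper Access Control(CVE-2021-20092)" needs a space before the parenthesis. The write-up lists affected firmware (WSR-2533DHPL2 <= 1.02, WSR-2533DHP3 <= 1.24) but gives no fixed version, vendor advisory link or mitigation, and the demo image has empty alt text; a short references section and a one-line description of what the GIF shows would make the entry usable for triage.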