
Arcadyan Routers Authentication Bypass (CVE-2021-20090)

A path traversal vulnerability (CVE-2021-20090) in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. This vulnerability also affected many other devices, as the root cause of the vulnerability exists in the underlying Arcadyan firmware.

Two other vulnerabilities, Configuration File Injection (CVE-2021-20091), used to open telnetd, and Improper Access Control (CVE-2021-20092), used to get the admin password, have only been confirmed on Buffalo WSR-2533 models.

FOFA query rule: body="css/style-ad-JP.css"
