cve/2021/CVE-2021-20090.md

### [CVE-2021-20090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090)
![](https://img.shields.io/static/v1?label=Product&message=Buffalo%20WSR-2533DHPL2%2C%20Buffalo%20WSR-2533DHP3&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal&color=brighgreen)

### Description

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.

### POC

#### Reference
- https://www.tenable.com/security/research/tra-2021-13

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/34zY/APT-Backpack
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/DinoBytes/RVASec-2024-Consumer-Routers-Still-Suck
- https://github.com/HimmelAward/Goby_POC
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/d4n-sec/d4n-sec.github.io
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-20090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090)`
			`![](https://img.shields.io/static/v1?label=Product&message=Buffalo%20WSR-2533DHPL2%2C%20Buffalo%20WSR-2533DHP3&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal&color=brighgreen)`

			`### Description`

			`A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.`

			`### POC`

			`#### Reference`
			`- https://www.tenable.com/security/research/tra-2021-13`

			`#### Github`
			`- https://github.com/0day404/vulnerability-poc`
			`- https://github.com/34zY/APT-Backpack`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/ArrestX/--POC`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/DinoBytes/RVASec-2024-Consumer-Routers-Still-Suck`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/HimmelAward/Goby_POC`
			`- https://github.com/KayCHENvip/vulnerability-poc`
			`- https://github.com/Miraitowa70/POC-Notes`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/Threekiii/Awesome-POC`
			`- https://github.com/Z0fhack/Goby_POC`
			`- https://github.com/d4n-sec/d4n-sec.github.io`