{ "id": "CVE-2021-3511", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2021-04-28T01:15:17.153", "lastModified": "2022-07-12T17:42:04.277", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors." }, { "lang": "es", "value": "Una divulgaci\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de usuario no autorizado en los enrutadores de banda ancha de Buffalo (firmware de BHR-4GRV Ver.1.99 y anterior, firmware de DWR-HP-G300NH Ver.1.83 y anterior, firmware HW-450HP-ZWE Ver.1.99 y anterior, WHR- Firmware 300HP Ver.1.99 y anteriores, firmware de WHR-300 Ver.1.99 y anteriores, firmware de WHR-G301N Ver.1.86 y anteriores, firmware de WHR-HP-G300N Ver.1.99 y anteriores, firmware de WHR-HP-GN Ver.1.86 y anterior, firmware de WPL-05G300 Ver.1.87 y anterior, firmware de WZR-450HP-CWT Ver.1.99 y anterior, firmware de WZR-450HP-UB Ver.1.99 y anterior, firmware de WZR-HP-AG300H Ver.1.75 y anterior, WZR- Firmware HP-G300NH Ver.1.83 y anterior, firmware de WZR-HP-G301NH Ver.1.83 y anterior, firmware de WZR-HP-G302H Ver.1.85 y anterior, firmware de WZR-HP-G450H Ver.1.89 y anterior, firmware de WZR-300HP Ver.1.99 y anteriores, firmware de WZR-450HP Ver.1.99 y anteriores, firmware de WZR-600DHP Ver.1.99 y anteriores, firmware de WZR-D1100H Ver.1.99 y anteriores, firmware FS-HP-G300N Ver.3.32 y anteriores, firmware FS-600DHP Ver.3.38 y anteriores, firmware FS-R600DHP Ver.3.39 y anteriores, y el firmware de FS-G300N Ver.3.13 y anteriores) permite a atacantes remotos no autenticados obtener informaci\u00f3n como la configuraci\u00f3n por medio de vectores no especificados" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "ADJACENT_NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3 }, "baseSeverity": "LOW", "exploitabilityScore": 6.5, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:bhr-4grv_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "50014200-AEB2-474F-8472-AA9D61C63EBB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:bhr-4grv:-:*:*:*:*:*:*:*", "matchCriteriaId": "48780EC9-0E32-4DB5-91C2-3DD9048BCDA1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.84", "matchCriteriaId": "D4A328F7-7578-4B0A-84E9-C9466B3928CA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:dwr-hp-g300nh:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE96F509-FF8C-409B-BB40-E05A9F722554" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "F6429DFF-698C-4D6A-8499-BCD907889E55" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:hw-450hp-zwe:-:*:*:*:*:*:*:*", "matchCriteriaId": "54BE2F24-8A3F-426F-B935-62F82F83E457" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:whr-300hp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "1D03A8D2-57AB-4384-86D3-541273F50F3B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:whr-300hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "697F6576-D774-4DC8-A2C9-A57F4E037F24" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:whr-300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "776F042B-0826-46E7-A385-DAEB84893E18" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:whr-300:-:*:*:*:*:*:*:*", "matchCriteriaId": "342ABB1C-DEB2-4B34-B5FB-A3D072B4760F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:whr-g301n_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.87", "matchCriteriaId": "A2421920-5863-48BB-B4C8-C2D36C232295" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:whr-g301n:-:*:*:*:*:*:*:*", "matchCriteriaId": "95600434-8888-40AA-9FF4-273031A9C316" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:whr-hp-g300n_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "0D7050D0-6398-465A-9FE5-7F195FCE2940" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:whr-hp-g300n:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7E26183-35D3-4A44-8D9A-AB358957C75F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:whr-hp-gn_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.87", "matchCriteriaId": "9A19100A-DF19-4268-BAB0-33FBC4B413B9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:whr-hp-gn:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BC10377-CF91-43A5-BC3F-C690F291535A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wpl-05g300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.88", "matchCriteriaId": "133F1788-993B-445B-AF28-1348BEBD30E4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wpl-05g300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6C24CCE-813A-4F11-B4A5-2AF075018F2A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "3526B328-E0D8-419D-8C94-4D9098DAC1CE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-450hp-cwt:-:*:*:*:*:*:*:*", "matchCriteriaId": "348D05E5-E619-4AE9-8A62-DF214899DB17" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "B83893C6-CD36-42B7-B117-4964DC2A1322" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-450hp-ub:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5923DA5-CF09-408D-BE0D-A878EFB8BB6B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-hp-ag300h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.76", "matchCriteriaId": "5EF711EA-6449-4C83-A5E1-590CFC913FAD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-hp-ag300h:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1DBC06D-0003-4196-A360-59657454DAF6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-hp-g300nh_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.84", "matchCriteriaId": "A5C80B97-740C-4685-AFA4-F1C7A942A903" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-hp-g300nh:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA3BFED6-500A-49C0-BBE1-E9AB5525C143" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-hp-g301nh_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.84", "matchCriteriaId": "8E6462B9-978F-432E-BB7C-E8A2BFB73669" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-hp-g301nh:-:*:*:*:*:*:*:*", "matchCriteriaId": "A753B947-1562-4147-965B-6437C4328F44" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-hp-g302h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.86", "matchCriteriaId": "E4249F56-42ED-4F5F-AEE9-07335DAA23E4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-hp-g302h:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE42D0C-2181-47E3-87AA-A50C0C3ED002" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-hp-g450h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.90", "matchCriteriaId": "AB5DEEF4-7D48-49D0-A4C5-23FC8DB07343" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-hp-g450h:-:*:*:*:*:*:*:*", "matchCriteriaId": "72BEF724-6B38-4862-A74D-9FB7F5EB4233" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-300hp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "32C5BCDF-BB62-4D58-95F3-317267DA170F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-300hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "80FFBDA4-E1A4-46CC-8EE0-6C92CB5C0A03" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-450hp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "26F1AA6C-F40B-44EC-BE80-BEFBB86CA6DC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-450hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "6014747F-30BA-4C65-8340-CA16C886A45B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-600dhp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "CEDF49B2-2981-4266-9DD0-3384AA1CEB6F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-600dhp:-:*:*:*:*:*:*:*", "matchCriteriaId": "06AF9040-7F63-4E80-82DD-7448320BC940" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:wzr-d1100h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.00", "matchCriteriaId": "8C4E565E-6C13-4203-B119-5F338DD283F5" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:wzr-d1100h:-:*:*:*:*:*:*:*", "matchCriteriaId": "79BB1A7E-19AD-4897-B20F-03BDA7DCFA8C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:fs-hp-g300n_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.33", "matchCriteriaId": "9C2DD237-46C6-403C-BED5-762E1D36F77D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:fs-hp-g300n:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8BAF7C5-60B2-445A-9FB5-99FE0CDBEA3A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:fs-600dhp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.40", "matchCriteriaId": "A0748472-978E-41A5-A172-AA326256C473" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:fs-600dhp:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB3511D6-1738-43DD-ACBB-76D5C998906E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:fs-r600dhp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.40", "matchCriteriaId": "D3CD88A9-F7BF-47E9-9C8B-159AEF4002A4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:fs-r600dhp:-:*:*:*:*:*:*:*", "matchCriteriaId": "88A96BC7-410E-4341-A91C-343E44BEA3F5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:buffalo:fs-g300n_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.14", "matchCriteriaId": "E38B272E-748F-4532-ADF9-A2A86F399ADB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:buffalo:fs-g300n:-:*:*:*:*:*:*:*", "matchCriteriaId": "84A229AF-D4F8-45CC-BAC1-792A24CAA6CF" } ] } ] } ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99235714/index.html", "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.buffalo.jp/news/detail/20210427-01.html", "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ] } ] }