CVE-2021-20092 – This vulnerability allows unauthorized actors t... (How to Fix)

Q: What is the severity of CVE-2021-20092?

CVE-2021-20092 has a CVSS score of 7.5 (HIGH). This vulnerability allows unauthorized actors to access sensitive information through the web interfaces of affected Buffalo routers. It affects users of Buffalo WSR-2533DHPL2 and WSR-2533DHP3 routers with outdated firmware versions.

📋 TL;DR

This vulnerability allows unauthorized actors to access sensitive information through the web interfaces of affected Buffalo routers. It affects users of Buffalo WSR-2533DHPL2 and WSR-2533DHP3 routers with outdated firmware versions.

💻 Affected Systems

Products:

Buffalo WSR-2533DHPL2
Buffalo WSR-2533DHP3

Versions: WSR-2533DHPL2 firmware version <= 1.02, WSR-2533DHP3 firmware version <= 1.24

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface; no special configurations required for exploitation.

📦 What is this software?

Wsr 2533dhp3 Bk Firmware by Buffalo

View all CVEs affecting Wsr 2533dhp3 Bk Firmware →

Wsr 2533dhpl2 Bk Firmware by Buffalo

View all CVEs affecting Wsr 2533dhpl2 Bk Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could steal sensitive configuration data, credentials, or network information, potentially leading to full device compromise or network infiltration.

🟠

Likely Case

Unauthorized access to router settings or logs, enabling reconnaissance for further attacks or disruption of network services.

🟢

If Mitigated

If access controls are properly enforced, the impact is minimal as unauthorized requests are blocked.

🌐 Internet-Facing: HIGH, as the web interface is typically exposed to the internet, making it accessible to remote attackers.

🏢 Internal Only: MEDIUM, as internal attackers could exploit it if they gain network access, but it requires proximity or initial foothold.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation involves simple HTTP requests to access restricted endpoints without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WSR-2533DHPL2 firmware > 1.02, WSR-2533DHP3 firmware > 1.24

Vendor Advisory: https://www.buffalo.jp/support/security/2021/wsr-2533dhpl2_wsr-2533dhp3.html

Restart Required: Yes

Instructions:

1. Download the latest firmware from Buffalo's official support site. 2. Log into the router's web interface. 3. Navigate to the firmware update section. 4. Upload and apply the new firmware file. 5. Reboot the router after update.

🔧 Temporary Workarounds

Disable web interface from WAN

all

Prevent external access to the router's web management interface.

Log into router web interface, go to Advanced Settings > Security, disable remote management or restrict to LAN only.

Use firewall rules

all

Block inbound traffic to the router's web interface ports (typically 80/443).

Configure firewall to deny external access to router IP on ports 80 and 443.

🧯 If You Can't Patch

Isolate the router on a separate network segment to limit exposure.
Implement network monitoring to detect unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the router's web interface under System Information or similar section.

Check Version:

Log into router web interface and navigate to System Status or use CLI if available: 'show version'.

Verify Fix Applied:

After updating, confirm the firmware version is above the vulnerable thresholds and test access to restricted endpoints returns authentication errors.

📡 Detection & Monitoring

Log Indicators:

Unauthorized HTTP requests to sensitive endpoints like /cgi-bin/ or /admin/ in router logs.

Network Indicators:

Unusual traffic patterns to router IP on port 80/443 from external sources.

SIEM Query:

source="router_logs" AND (url="*cgi-bin*" OR url="*admin*") AND response_code=200

📊 Metadata

CVE ID: CVE-2021-20092

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-287

Published: April 29, 2021

Last Updated: November 21, 2024

🔗 References

https://www.tenable.com/security/research/tra-2021-13 Third Party Advisory
https://www.tenable.com/security/research/tra-2021-13 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-20092, you might also want to check these: