CVE-2021-3511

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
buffalobhr-4grv_firmware
𝑥
< 2.00
buffalodwr-hp-g300nh_firmware
𝑥
< 1.84
buffalohw-450hp-zwe_firmware
𝑥
< 2.00
buffalowhr-300hp_firmware
𝑥
< 2.00
buffalowhr-300_firmware
𝑥
< 2.00
buffalowhr-g301n_firmware
𝑥
< 1.87
buffalowhr-hp-g300n_firmware
𝑥
< 2.00
buffalowhr-hp-gn_firmware
𝑥
< 1.87
buffalowpl-05g300_firmware
𝑥
< 1.88
buffalowzr-450hp-cwt_firmware
𝑥
< 2.00
buffalowzr-450hp-ub_firmware
𝑥
< 2.00
buffalowzr-hp-ag300h_firmware
𝑥
< 1.76
buffalowzr-hp-g300nh_firmware
𝑥
< 1.84
buffalowzr-hp-g301nh_firmware
𝑥
< 1.84
buffalowzr-hp-g302h_firmware
𝑥
< 1.86
buffalowzr-hp-g450h_firmware
𝑥
< 1.90
buffalowzr-300hp_firmware
𝑥
< 2.00
buffalowzr-450hp_firmware
𝑥
< 2.00
buffalowzr-600dhp_firmware
𝑥
< 2.00
buffalowzr-d1100h_firmware
𝑥
< 2.00
buffalofs-hp-g300n_firmware
𝑥
< 3.33
buffalofs-600dhp_firmware
𝑥
< 3.40
buffalofs-r600dhp_firmware
𝑥
< 3.40
buffalofs-g300n_firmware
𝑥
< 3.14
𝑥
= Vulnerable software versions
References
https://jvn.jp/en/vu/JVNVU99235714/index.html
https://www.buffalo.jp/news/detail/20210427-01.html
https://jvn.jp/en/vu/JVNVU99235714/index.html
https://www.buffalo.jp/news/detail/20210427-01.html