Multiple vulnerabilities in Buffalo broadband routers


Multiple broadband routers provided by BUFFALO INC. contain multiple vulnerabilities listed below.

* Disclosure of sensitive information to an unauthorized user (CWE-200) - CVE-2021-3511
* Improper access control (CWE-284) - CVE-2021-3512

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity

CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-3511

CVSS V3 Severity:
Base Metrics: 7.5 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2021-3512
Affected Products

  • BHR-4GRV firmware Ver.1.99 and prior
  • DWR-HP-G300NH firmware Ver.1.83 and prior
  • FS-600DHP firmware Ver.3.38 and prior
  • FS-G300N firmware Ver.3.13 and prior
  • FS-HP-G300N firmware Ver.3.32 and prior
  • FS-R600DHP firmware Ver.3.39 and prior
  • HW-450HP-ZWE firmware Ver.1.99 and prior
  • WHR-300 firmware Ver.1.99 and prior
  • WHR-300HP firmware Ver.1.99 and prior
  • WHR-G301N firmware Ver.1.86 and prior
  • WHR-HP-G300N firmware Ver.1.99 and prior
  • WHR-HP-GN firmware Ver.1.86 and prior
  • WPL-05G300 firmware Ver.1.87 and prior
  • WZR-300HP firmware Ver.1.99 and prior
  • WZR-450HP firmware Ver.1.99 and prior
  • WZR-450HP-CWT firmware Ver.1.99 and prior
  • WZR-450HP-UB firmware Ver.1.99 and prior
  • WZR-600DHP firmware Ver.1.99 and prior
  • WZR-D1100H firmware Ver.1.99 and prior
  • WZR-HP-AG300H firmware Ver.1.75 and prior
  • WZR-HP-G300NH firmware Ver.1.83 and prior
  • WZR-HP-G301NH firmware Ver.1.83 and prior
  • WZR-HP-G302H firmware Ver.1.85 and prior
  • WZR-HP-G450H firmware Ver.1.89 and prior


* An unauthenticated network-adjacent attacker may be able to obtain information such as the configuration. - CVE-2021-3511
* An unauthenticated network-adjacent attacker can start the telnet service and execute arbitrary OS commands with root privileges. - CVE-2021-3512

[Update firmware]
Apply the appropriate firmware update according to the information provided by the developer.
The developer has released fixed versions listed below.

* BHR-4GRV firmware Ver.2.00
* DWR-HP-G300NH firmware Ver.1.84
* HW-450HP-ZWE firmware Ver.2.00
* WHR-300HP firmware Ver.2.00
* WHR-300 firmware Ver.2.00
* WHR-G301N firmware Ver.1.87
* WHR-HP-G300N firmware Ver.2.00
* WHR-HP-GN firmware Ver.1.87
* WPL-05G300 firmware Ver.1.88
* WZR-450HP-CWT firmware Ver.2.00
* WZR-450HP-UB firmware Ver.2.00
* WZR-HP-AG300H firmware Ver.1.76
* WZR-HP-G300NH firmware Ver.1.84
* WZR-HP-G301NH firmware Ver.1.84
* WZR-HP-G302H firmware Ver.1.86
* WZR-HP-G450H firmware Ver.1.90
* WZR-300HP firmware Ver.2.00
* WZR-450HP firmware Ver.2.00
* WZR-600DHP firmware Ver.2.00
* WZR-D1100H firmware Ver.2.00
* FS-HP-G300N firmware Ver.3.33
* FS-600DHP firmware Ver.3.40
* FS-R600DHP firmware Ver.3.40
* FS-G300N firmware Ver.3.14
Vendor Information

CWE

  1. Information Exposure (CWE-200) [IPA Evaluation]
  2. Improper Access Control (CWE-284) [IPA Evaluation]
CVE

  1. CVE-2021-3511
  2. CVE-2021-3512

  1. JVN : JVNVU#99235714
Revision History

  • [2021/04/28]
      Web page was published
  • [2021/05/07]
      Impact : Content was modified