Published: 2021/05/31  Last Updated: 2021/05/31

JVNVU#92862829
Multiple vulnerabilities in Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers

Overview

Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers provided by Buffalo Inc. contain multiple vulnerabilities.

Products Affected

  • WSR-1166DHP3 firmware Ver.1.16 and prior
  • WSR-1166DHP4 firmware Ver.1.02 and prior

Description

Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers provided by Buffalo Inc. contain multiple vulnerabilities listed below.

  • Improper access control (CWE-284) - CVE-2021-20730
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  • OS command injection (CWE-78) - CVE-2021-20731
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Base Score: 5.4

Impact

  • An unauthenticated network-adjacent attacker can obtain configuration information. - CVE-2021-20730
  • An unauthenticated network-adjacent attacker can execute multiple OS commands with root privileges. - CVE-2021-20731

Solution

Update firmware
Apply the appropriate firmware update according to the information provided by the developer.
The developer has released fixed versions listed below.

  • WSR-1166DHP3 firmware Ver.1.17
  • WSR-1166DHP4 firmware Ver.1.03

Vendor Status

Vendor: BUFFALO INC.
Status: Vulnerable
Last Update: 2021/05/31
Vendor Notes: BUFFALO INC. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE: CVE-2021-20730, CVE-2021-20731
JVN iPedia