Published: 2021/04/27    Last Updated: 2021/04/30

JVNVU#99235714
Multiple vulnerabilities in Buffalo broadband routers

Overview

Multiple broadband routers provided by Buffalo Inc. contain multiple vulnerabilities.

Products Affected

  • BHR-4GRV firmware Ver.1.99 and prior
  • DWR-HP-G300NH firmware Ver.1.83 and prior
  • HW-450HP-ZWE firmware Ver.1.99 and prior
  • WHR-300HP firmware Ver.1.99 and prior
  • WHR-300 firmware Ver.1.99 and prior
  • WHR-G301N firmware Ver.1.86 and prior
  • WHR-HP-G300N firmware Ver.1.99 and prior
  • WHR-HP-GN firmware Ver.1.86 and prior
  • WPL-05G300 firmware Ver.1.87 and prior
  • WZR-450HP-CWT firmware Ver.1.99 and prior
  • WZR-450HP-UB firmware Ver.1.99 and prior
  • WZR-HP-AG300H firmware Ver.1.75 and prior
  • WZR-HP-G300NH firmware Ver.1.83 and prior
  • WZR-HP-G301NH firmware Ver.1.83 and prior
  • WZR-HP-G302H firmware Ver.1.85 and prior
  • WZR-HP-G450H firmware Ver.1.89 and prior
  • WZR-300HP firmware Ver.1.99 and prior
  • WZR-450HP firmware Ver.1.99 and prior
  • WZR-600DHP firmware Ver.1.99 and prior
  • WZR-D1100H firmware Ver.1.99 and prior
  • FS-HP-G300N firmware Ver.3.32 and prior
  • FS-600DHP firmware Ver.3.38 and prior
  • FS-R600DHP firmware Ver.3.39 and prior
  • FS-G300N firmware Ver.3.13 and prior

Description

Multiple broadband routers provided by BUFFALO INC. contain the vulnerabilities listed below.

  • Disclosure of sensitive information to an unauthorized user (CWE-200) - CVE-2021-3511
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3
  • Improper access control (CWE-284) - CVE-2021-3512
    CVSS v3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 7.5

Impact

  • An unauthenticated network-adjacent attacker may be able to obtain information such as the device configuration. - CVE-2021-3511
  • An unauthenticated network-adjacent attacker may be able to start the telnet service and execute arbitrary OS commands with root privileges. - CVE-2021-3512

Solution

Update the firmware
Apply the appropriate firmware update according to the information provided by the developer.
The developer has released the fixed versions listed below.

  • BHR-4GRV firmware Ver.2.00
  • DWR-HP-G300NH firmware Ver.1.84
  • HW-450HP-ZWE firmware Ver.2.00
  • WHR-300HP firmware Ver.2.00
  • WHR-300 firmware Ver.2.00
  • WHR-G301N firmware Ver.1.87
  • WHR-HP-G300N firmware Ver.2.00
  • WHR-HP-GN firmware Ver.1.87
  • WPL-05G300 firmware Ver.1.88
  • WZR-450HP-CWT firmware Ver.2.00
  • WZR-450HP-UB firmware Ver.2.00
  • WZR-HP-AG300H firmware Ver.1.76
  • WZR-HP-G300NH firmware Ver.1.84
  • WZR-HP-G301NH firmware Ver.1.84
  • WZR-HP-G302H firmware Ver.1.86
  • WZR-HP-G450H firmware Ver.1.90
  • WZR-300HP firmware Ver.2.00
  • WZR-450HP firmware Ver.2.00
  • WZR-600DHP firmware Ver.2.00
  • WZR-D1100H firmware Ver.2.00
  • FS-HP-G300N firmware Ver.3.33
  • FS-600DHP firmware Ver.3.40
  • FS-R600DHP firmware Ver.3.40
  • FS-G300N firmware Ver.3.14

Vendor Status

Vendor        Status      Last Update   Vendor Notes
BUFFALO INC.  Vulnerable  2021/04/27    BUFFALO INC. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE: CVE-2021-3511, CVE-2021-3512
JVN iPedia

Update History

2021/04/30
Updated [Impact]