CVE & CISA-KEV Catalog

CVE-2021-3512

HIGH
8.8
CVSS v3
NVD

Description

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.

How to fix

Remediation Available
bhr-4grv firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
dwr-hp-g300nh firmwareNVD
Affected:< 1.84Fixed in:1.84CVE-2021-3512derived from NVD
fs-600dhp firmwareNVD
Affected:< 3.40Fixed in:3.40CVE-2021-3512derived from NVD
fs-g300n firmwareNVD
Affected:< 3.14Fixed in:3.14CVE-2021-3512derived from NVD
fs-hp-g300n firmwareNVD
Affected:< 3.33Fixed in:3.33CVE-2021-3512derived from NVD
fs-r600dhp firmwareNVD
Affected:< 3.40Fixed in:3.40CVE-2021-3512derived from NVD
hw-450hp-zwe firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
whr-300 firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
whr-300hp firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
whr-g301n firmwareNVD
Affected:< 1.87Fixed in:1.87CVE-2021-3512derived from NVD
whr-hp-g300n firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
whr-hp-gn firmwareNVD
Affected:< 1.87Fixed in:1.87CVE-2021-3512derived from NVD
wpl-05g300 firmwareNVD
Affected:< 1.88Fixed in:1.88CVE-2021-3512derived from NVD
wzr-300hp firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
wzr-450hp-cwt firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
wzr-450hp-ub firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
wzr-450hp firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
wzr-600dhp firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
wzr-d1100h firmwareNVD
Affected:< 2.00Fixed in:2.00CVE-2021-3512derived from NVD
wzr-hp-ag300h firmwareNVD
Affected:< 1.76Fixed in:1.76CVE-2021-3512derived from NVD
wzr-hp-g300nh firmwareNVD
Affected:< 1.84Fixed in:1.84CVE-2021-3512derived from NVD
wzr-hp-g301nh firmwareNVD
Affected:< 1.84Fixed in:1.84CVE-2021-3512derived from NVD
wzr-hp-g302h firmwareNVD
Affected:< 1.86Fixed in:1.86CVE-2021-3512derived from NVD
wzr-hp-g450h firmwareNVD
Affected:< 1.90Fixed in:1.90CVE-2021-3512derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.86%probability of exploitation in 30 days
54thpercentile

Moderate risk: more likely to be exploited than 54% of all known CVEs.

References

Vendor Advisory1
Third-Party Advisory1
Embed a live status badge for CVE-2021-3512
CVE-2021-3512 severity badge

Markdown

[![CVE-2021-3512](https://tridentstack.com/cve/badge/CVE-2021-3512.svg)](https://tridentstack.com/cve/CVE-2021-3512)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-3512"><img src="https://tridentstack.com/cve/badge/CVE-2021-3512.svg" alt="CVE-2021-3512"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.