VDB

CVE-2021-20090

CVE-2021-20090 PUBLISHED KEV CVSS 7.5 HIGH

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.

EPSS 94.40% · 100.0th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
94.40%
100.0th percentile

Affected Products

VendorProductVersions
buffalowsr-2533dhp3-bk_firmware0, 0, 0
n/aBuffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24, WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24
buffalowsr-2533dhpl2-bk_firmware0, 0, 0

Timeline

  • Apr 13, 2021 CVE Published
  • Apr 30, 2021 EPSS Score
  • Jul 3, 2021 EPSS Score
  • Aug 6, 2021 VulnCheck KEV Exploitation
  • Aug 24, 2021 VulnCheck KEV Exploitation
  • Sep 20, 2021 VulnCheck KEV Exploitation
  • Nov 3, 2021 CISA KEV Added
  • Nov 5, 2021 EPSS Score
  • Nov 8, 2021 PoC Published
  • Nov 20, 2021 PoC Published
  • Dec 17, 2021 VulnCheck KEV Exploitation
  • Jan 6, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›