CVE-2021-3511

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors.

CVSS v3 4.3 MEDIUM
CVSS v2.0 3.3 LOW

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://jvn.jp/en/vu/JVNVU99235714/index.html	Third Party Advisory
https://www.buffalo.jp/news/detail/20210427-01.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:buffalo:bhr-4grv_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:bhr-4grv:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:dwr-hp-g300nh:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:hw-450hp-zwe:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:buffalo:whr-300hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr-300hp:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:buffalo:whr-300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr-300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:buffalo:whr-g301n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr-g301n:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:buffalo:whr-hp-g300n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr-hp-g300n:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:buffalo:whr-hp-gn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:whr-hp-gn:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:buffalo:wpl-05g300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wpl-05g300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-450hp-cwt:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-450hp-ub:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:buffalo:wzr-hp-ag300h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-hp-ag300h:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:buffalo:wzr-hp-g300nh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-hp-g300nh:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:buffalo:wzr-hp-g301nh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-hp-g301nh:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:buffalo:wzr-hp-g302h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-hp-g302h:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:buffalo:wzr-hp-g450h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-hp-g450h:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:buffalo:wzr-300hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-300hp:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:buffalo:wzr-450hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-450hp:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:buffalo:wzr-600dhp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-600dhp:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:buffalo:wzr-d1100h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:wzr-d1100h:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:buffalo:fs-hp-g300n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:fs-hp-g300n:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:buffalo:fs-600dhp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:fs-600dhp:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:buffalo:fs-r600dhp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:fs-r600dhp:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:buffalo:fs-g300n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:fs-g300n:-:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type	Values Removed	Values Added
CWE	~~CWE-863~~	NVD-CWE-Other

12 May 2021, 17:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.3 v3 : 4.3
References	~~(MISC) https://jvn.jp/en/vu/JVNVU99235714/index.html -~~	(MISC) https://jvn.jp/en/vu/JVNVU99235714/index.html - Third Party Advisory
References	~~(MISC) https://www.buffalo.jp/news/detail/20210427-01.html -~~	(MISC) https://www.buffalo.jp/news/detail/20210427-01.html - Vendor Advisory
CWE		CWE-863
CPE		cpe:2.3:o:buffalo:wzr-hp-ag300h_firmware:::::::: cpe:2.3:o:buffalo:wzr-hp-g301nh_firmware:::::::: cpe:2.3:o:buffalo:whr-hp-gn_firmware:::::::: cpe:2.3:h:buffalo:wzr-450hp-cwt:-:::::::* cpe:2.3:h:buffalo:wzr-hp-g450h:-:::::::* cpe:2.3:h:buffalo:wzr-d1100h:-:::::::* cpe:2.3:h:buffalo:fs-hp-g300n:-:::::::* cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:::::::: cpe:2.3:h:buffalo:fs-r600dhp:-:::::::* cpe:2.3:o:buffalo:whr-hp-g300n_firmware:::::::: cpe:2.3:h:buffalo:wzr-300hp:-:::::::* cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:::::::: cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:::::::: cpe:2.3:h:buffalo:whr-300:-:::::::* cpe:2.3:o:buffalo:fs-hp-g300n_firmware:::::::: cpe:2.3:o:buffalo:wzr-hp-g450h_firmware:::::::: cpe:2.3:o:buffalo:wzr-d1100h_firmware:::::::: cpe:2.3:h:buffalo:bhr-4grv:-:::::::* cpe:2.3:h:buffalo:hw-450hp-zwe:-:::::::* cpe:2.3:h:buffalo:wzr-450hp:-:::::::* cpe:2.3:h:buffalo:wzr-600dhp:-:::::::* cpe:2.3:o:buffalo:wzr-300hp_firmware:::::::: cpe:2.3:o:buffalo:wzr-600dhp_firmware:::::::: cpe:2.3:h:buffalo:wpl-05g300:-:::::::* cpe:2.3:h:buffalo:fs-600dhp:-:::::::* cpe:2.3:h:buffalo:whr-300hp:-:::::::* cpe:2.3:h:buffalo:whr-hp-gn:-:::::::* cpe:2.3:h:buffalo:fs-g300n:-:::::::* cpe:2.3:o:buffalo:wpl-05g300_firmware:::::::: cpe:2.3:h:buffalo:whr-g301n:-:::::::* cpe:2.3:h:buffalo:dwr-hp-g300nh:-:::::::* cpe:2.3:o:buffalo:whr-300hp_firmware:::::::: cpe:2.3:o:buffalo:bhr-4grv_firmware:::::::: cpe:2.3:h:buffalo:whr-hp-g300n:-:::::::* cpe:2.3:h:buffalo:wzr-hp-ag300h:-:::::::* cpe:2.3:h:buffalo:wzr-hp-g301nh:-:::::::* cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:::::::: cpe:2.3:h:buffalo:wzr-hp-g302h:-:::::::* cpe:2.3:o:buffalo:wzr-450hp_firmware:::::::: cpe:2.3:o:buffalo:fs-g300n_firmware:::::::: cpe:2.3:h:buffalo:wzr-450hp-ub:-:::::::* cpe:2.3:o:buffalo:fs-r600dhp_firmware:::::::: cpe:2.3:o:buffalo:fs-600dhp_firmware:::::::: cpe:2.3:o:buffalo:wzr-hp-g300nh_firmware:::::::: cpe:2.3:o:buffalo:whr-300_firmware:::::::: cpe:2.3:h:buffalo:wzr-hp-g300nh:-:::::::* cpe:2.3:o:buffalo:wzr-hp-g302h_firmware:::::::: cpe:2.3:o:buffalo:whr-g301n_firmware::::::::

28 Apr 2021, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-04-28 01:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-3511

Mitre link : CVE-2021-3511

CVE.ORG link : CVE-2021-3511

JSON object : View

Products Affected

buffalo

wzr-600dhp
wzr-600dhp_firmware
whr-hp-g300n
wzr-hp-g302h_firmware
wpl-05g300
wzr-hp-g301nh
whr-hp-gn
fs-hp-g300n
whr-hp-gn_firmware
wzr-d1100h
fs-g300n_firmware
wzr-300hp_firmware
dwr-hp-g300nh
fs-600dhp
wzr-hp-g300nh
wzr-hp-g450h
hw-450hp-zwe
bhr-4grv
whr-hp-g300n_firmware
wzr-300hp
bhr-4grv_firmware
hw-450hp-zwe_firmware
wzr-hp-ag300h
whr-300
wzr-hp-g300nh_firmware
wzr-hp-ag300h_firmware
wzr-hp-g301nh_firmware
fs-600dhp_firmware
whr-300hp
whr-g301n_firmware
fs-g300n
wpl-05g300_firmware
wzr-d1100h_firmware
wzr-hp-g450h_firmware
whr-300hp_firmware
wzr-450hp_firmware
whr-300_firmware
wzr-450hp
wzr-450hp-cwt_firmware
fs-hp-g300n_firmware
fs-r600dhp_firmware
wzr-450hp-ub
wzr-450hp-ub_firmware
fs-r600dhp
dwr-hp-g300nh_firmware
wzr-hp-g302h
wzr-450hp-cwt
whr-g301n

CWE

NVD-CWE-Other

4.3 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-3511

4.3^/10

3.3^/10

Attach tags to `CVE-2021-3511`