CVE-2021-20092
HIGH EXPLOITED NUCLEIBuffalo WSR-2533DHPL2 and WSR-2533DHP3 Firmware - Unauthenticated Sensitive Information Exposure
Title source: llmExploitation Summary
CVE-2021-20092 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
Nuclei Templates (1)
Buffalo WSR-2533DHPL2 - Improper Access Control
HIGHby gy741,pdteam,parth
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-13
Scores
CVSS v3
7.5
EPSS
0.0817
EPSS Percentile
94.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2025-02-25
CWE
CWE-287
Status
published
Products (2)
buffalo/wsr-2533dhp3-bk_firmware
< 1.24
buffalo/wsr-2533dhpl2-bk_firmware
< 1.02
Published
Apr 29, 2021
Tracked Since
Feb 18, 2026