Vulnerability in Arcadyan router software affects Buffalo products
A vulnerability has been identified in the Arcadyan software used in router products from multiple vendors.
The directory traversal vulnerability "CVE-2021-20090" has been disclosed. If the vulnerability is exploited, authentication may be bypassed, confidential information such as access tokens may be stolen, and settings may be changed. Tenable, which reported the vulnerability, rated its base score under the Common Vulnerability Scoring System "CVSS v3" as "8.1".
Arcadyan's own products are not the only ones affected: products from ASUS, Deutsche Telekom, Verizon and other vendors that ship the software are affected as well. Among domestic manufacturers, 7 Buffalo products are affected by the vulnerability.
For Buffalo's "WSR-2533DHPL2" and "WSR-2533DHP3", in addition to the same vulnerability, the code injection vulnerability "CVE-2021-20091", the access control defect "CVE-2021-20092" and others have also been identified.
Arcadyan has released firmware. Buffalo has released firmware updates for two products. It is also preparing firmware for the other affected products, and is urging users to apply mitigation measures until that firmware is provided.
(Security NEXT - 2021/07/30)