.. / CVE-2021-20091

Exploit for Buffalo WSR-2533DHPL2 - Configuration File Injection (CVE-2021-20091)

Description:

The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution.

Nuclei Template

View the template here CVE-2021-20091.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-20091.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://www.tenable.com/security/research/tra-2021-13
https://nvd.nist.gov/vuln/detail/CVE-2021-20091
https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2

.. / CVE-2021-20091 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Buffalo WSR-2533DHPL2 - Configuration File Injection (CVE-2021-20091)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-20091