CVEs-PoC/2021/CVE-2021-20090.md

### [CVE-2021-20090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090)
![](https://img.shields.io/static/v1?label=Product&message=Buffalo%20WSR-2533DHPL2%2C%20Buffalo%20WSR-2533DHP3&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=WSR-2533DHPL2%20%3C%3D1.02%2C%20WSR-2533DHP3%20%3C%3D%201.24%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal&color=brightgreen)

### Description

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.

### POC

#### Reference
- https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/
- https://www.tenable.com/security/research/tra-2021-13

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/34zY/APT-Backpack
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/DinoBytes/RVASec-2024-Consumer-Routers-Still-Suck
- https://github.com/HimmelAward/Goby_POC
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Threekiii/Awesome-POC
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/Z0fhack/Goby_POC
- https://github.com/d4n-sec/d4n-sec.github.io