CVE-2021-20716

First published: Wed Apr 28 2021

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.

Credit: vultures@jpcert.or.jp

Affected Software | Affected Version | How to fix
Arcadyan Buffalo Firmware | <=2.55 |
Buffalo BHR-4RV Firmware | |
Arcadyan Buffalo Firmware | <=2.04 |
Buffalo Tech FS-G54 | |
Arcadyan Buffalo Firmware | <=2.32 |
Buffalo WBR2-B11 firmware | |
Buffalo WBR2-G54 | <=2.32 |
Buffalo WBR2-G54-KD | |
Buffalo WBR2-G54 | <=2.32 |
Buffalo WBR2-G54 | |
Arcadyan Buffalo Firmware | <=2.23 |
Buffalo WBR-B11 firmware | |
Buffalo WBR-G54 Firmware | <=2.23 |
Buffalo WBR-G54 firmware | |
Buffalo WBR-G54L | <=2.20 |
Buffalo WBR-G54L firmware | |
Buffalo WHR2-A54G54 | <=2.25 |
Buffalo WHR2-A54G54 firmware | |
Buffalo WHR2-G54V firmware | <=2.23 |
Buffalo WHR2-G54V | |
Buffalo WHR2-G54V firmware | <=2.55 |
Buffalo WHR2-G54V firmware | |
Buffalo WHR3-AG54 | <=2.23 |
Buffalo WHR3-AG54 firmware | |
Buffalo WHR-G Firmware | <=2.16 |
Buffalo WHR-G54 firmware | |
Buffalo WHR-G54-NF firmware | <=2.10 |
Buffalo WHR-G54-NF firmware | |
Buffalo WLA2-G54 firmware | <=2.24 |
Buffalo WLA2-G54 firmware | |
Buffalo WLA2-G54C firmware | <=2.24 |
Buffalo WLA2-G54 | |
Arcadyan Buffalo Firmware | <=2.20 |
Buffalo WLA-B11 firmware | |
Buffalo WLA-G54C | <=2.20 |
Buffalo WLA-G54 firmware | |
Buffalo WLA-G54C | <=2.20 |
Buffalo WLA-G54C firmware | |
Buffalo WLAH-A54G54 | <=2.54 |
Buffalo WLAH-A54G54 firmware | |
Buffalo WLAH-AM54G54 | <=2.54 |
Buffalo WLAH-AM54G54 firmware | |
Buffalo WLAH-G54 | <=2.54 |
Buffalo WLAH-G54 firmware | |
Buffalo WLI2-TX1-AG54 firmware | <=2.53 |
Buffalo WLI2-TX1-AG54 firmware | |
Buffalo WLI2-TX1-AMG54 | <=2.53 |
Buffalo WLI2-TX1-AMG54 firmware | |
Buffalo WLI2-TX1-G54 | <=2.20 |
Buffalo WLI2-TX1-AG54 | |
Buffalo WLI3-TX1-AMG54 | <=2.53 |
Buffalo WLI3-TX1-AMG54 firmware | |
Buffalo WLI3-TX1-G54 | <=2.53 |
Buffalo WLI3-TX1-G54 firmware | |
Buffalo WLI-T1-B11 | <=2.20 |
Buffalo WLI-T1-B11 firmware | |
Buffalo WLI-TX1-G54 | <=2.20 |
Buffalo WLI-TX1-G54 firmware | |
Buffalo WVR-G54-NF firmware | <=2.02 |
Buffalo WVR-G54-NF firmware | |
Buffalo WZR-G108 | <=2.41 |
Buffalo WZR-G108 firmware | |
Buffalo WZR-G54 firmware | <=2.41 |
Buffalo WZR-G54 | |
Buffalo WZR-HP-G54 | <=2.41 |
Buffalo WZR-HP-G54 firmware | |
Buffalo WZR-G54 firmware | <=2.55 |
Buffalo WZR-G54 firmware | |
Buffalo WZR-RS-G54HP | <=2.55 |
Buffalo WZR-RS-G54HP firmware | |

Frequently Asked Questions

  • What is the severity of CVE-2021-20716?

    CVE-2021-20716 is classified as a high severity vulnerability due to its potential for allowing unauthorized access to device functionality.

  • How do I fix CVE-2021-20716?

    To mitigate CVE-2021-20716, update the affected Buffalo network device firmware to a version later than the vulnerable releases.

  • Which devices are affected by CVE-2021-20716?

    CVE-2021-20716 affects various Buffalo network devices, including BHR-4RV, FS-G54, WBR2-B11, WBR2-G54, and others with specific firmware versions.

  • What potential risks are associated with CVE-2021-20716?

    Exploitation of CVE-2021-20716 could allow attackers to access hidden functionality, which may lead to unauthorized control or data breaches.

  • Is there a workaround for CVE-2021-20716 if I can't update immediately?

    Disabling remote access and restricting network access to the device can serve as a temporary workaround for CVE-2021-20716 until a firmware update can be applied.
