high
8.8
Advisory Published
Updated

CVE-2021-3512

First published: Wed Apr 28 2021(Updated: )

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Arcadyan Buffalo Firmware<2.00
Buffalo BHR-4GRV firmware
Buffalo DWR-HP-G300NH<1.84
Buffalo DWR-HP-G300NH firmware
Buffalo HW-450HP-ZWE<2.00
Buffalo HW-450HP-ZWE firmware
Buffalo WHR-300HP firmware<2.00
Buffalo WHR-300HP2
Arcadyan Buffalo Firmware<2.00
Buffalo WHR-300
Buffalo WHR-G301N<1.87
Buffalo WHR-G301N firmware
Buffalo WHR-HP-G300N<2.00
Buffalo WHR-HP-G300N firmware
Buffalo WHR-HP-GN Firmware<1.87
Buffalo WHR-HP-GN firmware
Buffalo WPL-05G300<1.88
Buffalo WPL-05G300 firmware
Buffalo WZR-450HP<2.00
Buffalo WZR-450HP
Buffalo WZR-450HP firmware<2.00
Buffalo WZR-450HP-UB firmware
Buffalo WZR-HP-AG300H<1.76
Buffalo WZR-HP-AG300H firmware
Buffalo WZR-HP-G300NH firmware<1.84
Buffalo WZR-HP-G300NH firmware
Buffalo WZR-HP-G301NH<1.84
Buffalo WZR-HP-G301NH firmware
Buffalo WZR-HP-G302H<1.86
Buffalo WZR-HP-G302H firmware
Buffalo WZR-HP-G450H<1.90
Buffalo WZR-HP-G450H firmware
Buffalo WZR-300HP firmware<2.00
Buffalo WZR-300HP firmware
Buffalo WZR-450HP<2.00
Buffalo WZR-450HP firmware
Buffalo WZR-600DHP firmware<2.00
BUFFALO wireless LAN routers
Buffalo WZR-D1100H<2.00
Buffalo WZR-D1100H firmware
Buffalo FS-HP-G300N firmware<3.33
Buffalo FS-HP-G300N firmware
Arcadyan Buffalo Firmware<3.40
Buffalo FS-600DHP firmware
Buffalo FS-R600DHP<3.40
Buffalo FS-R600DHP firmware
Buffalo FS-G300N<3.14
Buffalo FS-G300N firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID?

    The vulnerability ID is CVE-2021-3512.

  • What is the severity of CVE-2021-3512?

    The severity of CVE-2021-3512 is high with a severity value of 8.8.

  • Which Buffalo broadband routers are affected by CVE-2021-3512?

    Buffalo broadband routers including BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, and WHR-G301N firmware Ver.1.86 and prior are affected by CVE-2021-3512.

  • What is the description of CVE-2021-3512?

    CVE-2021-3512 is an improper access control vulnerability in Buffalo broadband routers.

  • Are Buffalo BHR-4GRV routers vulnerable to CVE-2021-3512?

    Yes, Buffalo BHR-4GRV routers with firmware Ver.1.99 and prior are vulnerable to CVE-2021-3512.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203