Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers
Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan.
During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying Arcadyan firmware.
Please note that CVE-2021-20091 and CVE-2021-20092 have only been confirmed on Buffalo WSR-2533 models.
Path traversal vulnerability in the web interfaces of networking devices manufactured by Arcadyan, including Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24, could allow unauthenticated remote attackers to bypass authentication. This vulnerability has also been confirmed to affect the following devices.
Note: the firmware versions listed do not indicate the latest affected firmware versions, only the firmware versions on which the issue was confirmed. Please contact the devices' respective vendors for more information.
Vendor | Device | Found on version |
--- | --- | --- |
ADB | ADSL wireless IAD router | 1.26S-R-3P |
Arcadyan | ARV7519 | 00.96.00.96.617ES |
Arcadyan | VRV9517 | 6.00.17 build04 |
Arcadyan | VGV7519 | 3.01.116 |
Arcadyan | VRV9518 | 1.01.00 build44 |
ASMAX | BBR-4MG / SMC7908 ADSL | 0.08 |
ASUS | DSL-AC88U (Arc VRV9517) | 1.10.05 build502 |
ASUS | DSL-AC87VG (Arc VRV9510) | 1.05.18 build305 |
ASUS | DSL-AC3100 | 1.10.05 build503 |
ASUS | DSL-AC68VG | 5.00.08 build272 |
Beeline | Smart Box Flash | 1.00.13_beta4 |
British Telecom | WE410443-SA | 1.02.12 build02 |
Buffalo | WSR-2533DHPL2 | 1.02 |
Buffalo | WSR-2533DHP3 | 1.24 |
Buffalo | BBR-4HG | |
Buffalo | BBR-4MG | 2.08 Release 0002 |
Buffalo | WSR-3200AX4S | 1.1 |
Buffalo | WSR-1166DHP2 | 1.15 |
Buffalo | WXR-5700AX7S | 1.11 |
Deutsche Telekom | Speedport Smart 3 | 010137.4.8.001.0 |
HughesNet | HT2000W | 0.10.10 |
KPN | ExperiaBox V10A (Arcadyan VRV9517) | 5.00.48 build453 |
KPN | VGV7519 | 3.01.116 |
O2 | HomeBox 6441 | 1.01.36 |
Orange | LiveBox Fibra (PRV3399) | 00.96.00.96.617ES |
Skinny | Smart Modem (Arcadyan VRV9517) | 6.00.16 build01 |
SparkNZ | Smart Modem (Arcadyan VRV9517) | 6.00.17 build04 |
Telecom (Argentina) | Arcadyan VRV9518VAC23-A-OS-AM | 1.01.00 build44 |
TelMex | PRV33AC | 1.31.005.0012 |
TelMex | VRV7006 | |
Telstra | Smart Modem Gen 2 (LH1000) | 0.13.01r |
Telus | WiFi Hub (PRV65B444A-S-TS) | v3.00.20 |
Telus | NH20A | 1.00.10debug build06 |
Verizon | Fios G3100 | 2.0.0.6 |
Vodafone | EasyBox 904 | 4.16 |
Vodafone | EasyBox 903 | 30.05.714 |
Vodafone | EasyBox 802 | 20.02.226 |
Further information is available at https://www.tenable.com/security/research/tra-2021-13

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.