Is CVE-2021-20091 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Buffalo Wsr-2533dhpl2, Wsr-2533dhp3

Q: What is CVE-2021-20091?

CVE-2021-20091 is a vulnerability in Buffalo Wsr-2533dhpl2, Wsr-2533dhp3. Published 2021-04-29.

CVE-2021-20091

The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configur…

EPSS: 0.847 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a Buffalo Wsr-2533dhpl2, Wsr-2533dhp3 — versions WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

www.tenable.com/security/research/tra-2021-13 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20091?: CVE-2021-20091 is a vulnerability in Buffalo Wsr-2533dhpl2, Wsr-2533dhp3. Published 2021-04-29.
Is CVE-2021-20091 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.