CVE-2021-3512

Name: CVE-2021-3512
Creator: NVD / NIST
Published: 2021-04-28T01:15:17.187+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.86%

Last modified Jun 17, 2026

CVE-2021-3512 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.. EPSS estimates a 0.86% chance of exploitation in the next 30 days.

Description

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.86%

53.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Buffalo	Bhr-4grv Firmware	< 2.00
Buffalo	Dwr-Hp-G300nh Firmware	< 1.84
Buffalo	Hw-450hp-Zwe Firmware	< 2.00
Buffalo	Whr-300hp Firmware	< 2.00
Buffalo	Whr-300 Firmware	< 2.00
Buffalo	Whr-G301n Firmware	< 1.87
Buffalo	Whr-Hp-G300n Firmware	< 2.00
Buffalo	Whr-Hp-Gn Firmware	< 1.87
Buffalo	Wpl-05g300 Firmware	< 1.88
Buffalo	Wzr-450hp-Cwt Firmware	< 2.00
Buffalo	Wzr-450hp-Ub Firmware	< 2.00
Buffalo	Wzr-Hp-Ag300h Firmware	< 1.76
Buffalo	Wzr-Hp-G300nh Firmware	< 1.84
Buffalo	Wzr-Hp-G301nh Firmware	< 1.84
Buffalo	Wzr-Hp-G302h Firmware	< 1.86
Buffalo	Wzr-Hp-G450h Firmware	< 1.90
Buffalo	Wzr-300hp Firmware	< 2.00
Buffalo	Wzr-450hp Firmware	< 2.00
Buffalo	Wzr-600dhp Firmware	< 2.00
Buffalo	Wzr-D1100h Firmware	< 2.00
Buffalo	Fs-Hp-G300n Firmware	< 3.33
Buffalo	Fs-600dhp Firmware	< 3.40
Buffalo	Fs-R600dhp Firmware	< 3.40
Buffalo	Fs-G300n Firmware	< 3.14

References

https://jvn.jp/en/vu/JVNVU99235714/index.htmlThird Party Advisory
https://www.buffalo.jp/news/detail/20210427-01.htmlVendor Advisory
https://jvn.jp/en/vu/JVNVU99235714/index.htmlThird Party Advisory
https://www.buffalo.jp/news/detail/20210427-01.htmlVendor Advisory

Timeline

Published: Apr 28, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-3512?

How severe is CVE-2021-3512?

CVE-2021-3512 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.86% probability of exploitation in the next 30 days.

How do I fix CVE-2021-3512?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-3512?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST