CVE-2011-1324

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://buffalo.jp/support_s/20080808/csrf.html
http://jvn.jp/en/jp/JVN50505257/index.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.10:::::::*
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.14:::::::*
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.13:::::::*
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:beta::::::
	cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.38:::::::*
	cpe:2.3:a:buffalotech:wer-amg54_firmware:1.11:::::::*
	cpe:2.3:a:buffalotech:wer-amg54_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:wer-amg54_firmware:1.14:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:beta::::::
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.00:::::::*
	cpe:2.3:a:buffalotech:whr-hp-g_firmware:1.46:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.01:beta::::::
	cpe:2.3:a:buffalotech:whr-ampg_firmware:1.46:::::::*
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.31:::::::*
	cpe:2.3:h:buffalotech:whr-amg54::::::::
	cpe:2.3:a:buffalotech:whr-hp-ampg_firmware:1.32:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.00:::::::*
	cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:beta::::::
	cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.48:::::::*
	cpe:2.3:h:buffalotech:wer-ag54::::::::
	cpe:2.3:a:buffalotech:whr-g_firmware:1.46:::::::*
	cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:beta::::::
	cpe:2.3:h:buffalotech:wer-am54g54::::::::
	cpe:2.3:a:buffalotech:whr-g54s_firmware:1.21:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.01:beta::::::
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.32:prebeta::::::
	cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.46:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:beta::::::
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.46:::::::*
	cpe:2.3:a:buffalotech:whr-amg54_firmware:1.42:::::::*
	cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.47:::::::*
	cpe:2.3:a:buffalotech:fs-g54_firmware:2.07:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.02:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.11:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.31:::::::*
	cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.11:beta::::::
	cpe:2.3:a:buffalotech:whr-g54s_firmware:1.40:::::::*
	cpe:2.3:a:buffalotech:whr-amg54_firmware:1.38:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.02:::::::*
	cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.21:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:::::::*
	cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.42:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:beta::::::
	cpe:2.3:h:buffalotech:wer-a54g54::::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.33:beta::::::
	cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.45:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.31:::::::*
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.33:prebeta::::::
	cpe:2.3:h:buffalotech:whr-am54g54::::::::
	cpe:2.3:h:buffalotech:fs-g54::::::::
	cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.38:::::::*
	cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.48:::::::*
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.11:::::::*
	cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.20:::::::*
cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:beta::::::
cpe:2.3:h:buffalotech:bhr-4rv::::::::
cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:beta::::::
cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:beta::::::
cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:::::::*
cpe:2.3:h:buffalotech:whr-hp-ampg::::::::
cpe:2.3:a:buffalotech:wer-ag54_firmware:1.04:::::::*
cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:::::::*
cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:::::::*
cpe:2.3:h:buffalotech:wzr-ampg144nh::::::::
cpe:2.3:h:buffalotech:as-100::::::::
cpe:2.3:a:buffalotech:whr-amg54_firmware:1.31:::::::*
cpe:2.3:h:buffalotech:bbr-4hg::::::::
cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:::::::*
cpe:2.3:a:buffalotech:wzr-ampg300nh_firmware:1.48:::::::*
cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:beta::::::
cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.48:beta::::::
cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.03:::::::*
cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.40:::::::*
cpe:2.3:h:buffalotech:bbr-4mg::::::::
cpe:2.3:h:buffalotech:wzr-ampg300nh::::::::
cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.50:beta::::::
cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.48:::::::*
cpe:2.3:h:buffalotech:whr-hp-g54::::::::
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.40:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.20:::::::*
cpe:2.3:a:buffalotech:whr-amg54_firmware:1.40:::::::*
cpe:2.3:h:buffalotech:wzr-g144nh::::::::
cpe:2.3:h:buffalotech:whr-ampg::::::::
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.38:::::::*
cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:::::::*
cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.42:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.23:::::::*
cpe:2.3:h:buffalotech:whr-g54s::::::::
cpe:2.3:h:buffalotech:wzr2-g300n::::::::
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.42:::::::*
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.23:::::::*
cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:beta::::::
cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:beta::::::
cpe:2.3:h:buffalotech:wzr-g144n::::::::
cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.03:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.42:::::::*
cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.45:::::::*
cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:::::::*
cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:::::::*
cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.13:::::::*
cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:beta::::::
cpe:2.3:h:buffalotech:whr-hp-g::::::::
cpe:2.3:h:buffalotech:wer-amg54::::::::
cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.30:::::::*
cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:beta::::::
cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:::::::*
cpe:2.3:h:buffalotech:whr-g::::::::
cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.12:::::::*

Information

Published : 2011-05-09 12:55

Updated : 2011-05-26 21:00

NVD link : CVE-2011-1324

Mitre link : CVE-2011-1324

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Products Affected

buffalotech

bhr-4rv
wer-amg54
wer-a54g54
bbr-4mg_firmware
whr-g54s
whr-hp-g_firmware
whr-hp-ampg
wzr-ampg144nh
wzr-ampg300nh_firmware
bbr-4hg_firmware
whr-g
wzr2-g300n_firmware
wer-a54g54_firmware
whr-g_firmware
wzr-g144nh_firmware
whr-hp-ampg_firmware
wer-am54g54
fs-g54_firmware
whr-amg54
wzr2-g300n
wzr-g144nh
whr-hp-g
fs-g54
whr-ampg
wer-amg54_firmware
wzr-g144n_firmware
wer-ag54_firmware
wer-ag54
bbr-4hg
whr-am54g54
wzr-g144n
bhr-4rv_firmware
bbr-4mg
whr-am54g54_firmware
whr-hp-g54
wzr-ampg300nh
whr-ampg_firmware
whr-hp-g54_firmware
wer-am54g54_firmware
wzr-ampg144nh_firmware
as-100
whr-amg54_firmware
whr-g54s_firmware

5.8 /10