Published: 09/05/2011 Updated: 27/05/2011

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote malicious users to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
buffalotech wer-a54g54 firmware 1.10
buffalotech wer-am54g54 firmware 1.14
buffalotech wer-am54g54 firmware 1.13
buffalotech wer-am54g54 firmware 1.12
buffalotech bbr-4hg firmware 1.10
buffalotech bbr-4hg firmware 1.30
buffalotech whr-am54g54 firmware 1.38
buffalotech wer-amg54 firmware 1.11
buffalotech wer-amg54 firmware 1.12
buffalotech wer-amg54 firmware 1.14
buffalotech bbr-4mg firmware 1.01
buffalotech bbr-4mg firmware 1.00
buffalotech bhr-4rv firmware 2.31
buffalotech bhr-4rv firmware 2.32
buffalotech bbr-4mg firmware 1.33
buffalotech whr-g firmware 1.46
buffalotech whr-hp-g firmware 1.46
buffalotech wer-ag54
buffalotech wer-am54g54
buffalotech whr-amg54
buffalotech whr-hp-ampg firmware 1.32
buffalotech wzr-g144nh firmware 1.48
buffalotech whr-g54s firmware 1.21
buffalotech wzr-g144n firmware 1.46
buffalotech wzr-g144n firmware 1.47
buffalotech wer-ag54 firmware 1.12
buffalotech wer-a54g54 firmware 1.00
buffalotech wer-a54g54 firmware 1.01
buffalotech whr-ampg firmware 1.46
buffalotech bbr-4hg firmware 1.04
buffalotech bbr-4hg firmware 1.32
buffalotech bbr-4hg firmware 1.31
buffalotech whr-amg54 firmware 1.31
buffalotech whr-amg54 firmware 1.38
buffalotech bbr-4mg firmware 1.20
buffalotech bbr-4mg firmware 1.12
buffalotech bbr-4mg firmware 1.11
buffalotech bbr-4mg firmware 1.10
buffalotech bbr-4mg firmware 1.31
buffalotech bbr-4mg firmware 1.30
buffalotech wzr-ampg144nh firmware 1.47
buffalotech wzr-ampg144nh
buffalotech wer-a54g54
buffalotech whr-am54g54
buffalotech whr-hp-ampg
buffalotech bbr-4hg
buffalotech whr-g54s firmware 1.40
buffalotech whr-hp-g54 firmware 1.21
buffalotech whr-hp-g54 firmware 1.20
buffalotech whr-hp-g54 firmware 1.38
buffalotech fs-g54 firmware 2.07
buffalotech as-100
buffalotech fs-g54
buffalotech bhr-4rv
buffalotech wzr-g144nh firmware 1.45
buffalotech wzr-g144nh firmware 1.47
buffalotech wer-ag54 firmware 1.04
buffalotech wer-a54g54 firmware 1.12
buffalotech wer-am54g54 firmware 1.11
buffalotech wer-a54g54 firmware 1.02
buffalotech bbr-4hg firmware 1.02
buffalotech bbr-4hg firmware 1.11
buffalotech bbr-4hg firmware 1.20
buffalotech bbr-4hg firmware 1.33
buffalotech whr-amg54 firmware 1.42
buffalotech whr-am54g54 firmware 1.42
buffalotech bhr-4rv firmware 2.33
buffalotech bhr-4rv firmware 2.46
buffalotech bbr-4mg firmware 1.04
buffalotech bbr-4mg firmware 1.32
buffalotech wzr2-g300n firmware 1.48
buffalotech wzr-ampg144nh firmware 1.48
buffalotech wer-amg54
buffalotech wzr2-g300n
buffalotech bbr-4mg
buffalotech whr-g54s
buffalotech whr-g54s firmware 1.38
buffalotech whr-g54s firmware 1.42
buffalotech whr-hp-g54 firmware 1.23
buffalotech whr-hp-g54 firmware 1.40
buffalotech whr-ampg
buffalotech wer-a54g54 firmware 1.13
buffalotech wer-a54g54 firmware 1.03
buffalotech bbr-4hg firmware 1.12
buffalotech whr-amg54 firmware 1.40
buffalotech whr-am54g54 firmware 1.40
buffalotech whr-am54g54 firmware 1.30
buffalotech bhr-4rv firmware 2.42
buffalotech bhr-4rv firmware 2.48
buffalotech bbr-4mg firmware 1.03
buffalotech wzr-ampg300nh firmware 1.48
buffalotech wzr2-g300n firmware 1.50
buffalotech wzr-g144n
buffalotech wzr-ampg300nh
buffalotech wzr-g144nh
buffalotech whr-hp-g54
buffalotech whr-g54s firmware 1.20
buffalotech whr-g54s firmware 1.23
buffalotech whr-hp-g54 firmware 1.42
buffalotech wzr-g144n firmware 1.45
buffalotech whr-hp-g
buffalotech whr-g

CWE-352 http://buffalo.jp/support_s/20080808/csrf.html http://jvn.jp/en/jp/JVN50505257/index.html https://nvd.nist.gov

Get Started

CVE-2011-1324

Vulnerability Summary

References

Vulmon Search

About

Products

Connect