Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1324

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Published

2011-05-09T19:55:03.507

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	buffalotech	bbr-4hg_firmware	1.02	Yes
Application	buffalotech	bbr-4hg_firmware	1.04	Yes
Application	buffalotech	bbr-4hg_firmware	1.04	Yes
Application	buffalotech	bbr-4hg_firmware	1.10	Yes
Application	buffalotech	bbr-4hg_firmware	1.10	Yes
Application	buffalotech	bbr-4hg_firmware	1.11	Yes
Application	buffalotech	bbr-4hg_firmware	1.12	Yes
Application	buffalotech	bbr-4hg_firmware	1.20	Yes
Application	buffalotech	bbr-4hg_firmware	1.20	Yes
Application	buffalotech	bbr-4hg_firmware	1.30	Yes
Application	buffalotech	bbr-4hg_firmware	1.30	Yes
Application	buffalotech	bbr-4hg_firmware	1.31	Yes
Application	buffalotech	bbr-4hg_firmware	1.32	Yes
Application	buffalotech	bbr-4hg_firmware	1.32	Yes
Application	buffalotech	bbr-4hg_firmware	1.33	Yes
Application	buffalotech	bbr-4mg_firmware	1.00	Yes
Application	buffalotech	bbr-4mg_firmware	1.01	Yes
Application	buffalotech	bbr-4mg_firmware	1.03	Yes
Application	buffalotech	bbr-4mg_firmware	1.04	Yes
Application	buffalotech	bbr-4mg_firmware	1.04	Yes
Application	buffalotech	bbr-4mg_firmware	1.10	Yes
Application	buffalotech	bbr-4mg_firmware	1.10	Yes
Application	buffalotech	bbr-4mg_firmware	1.11	Yes
Application	buffalotech	bbr-4mg_firmware	1.12	Yes
Application	buffalotech	bbr-4mg_firmware	1.20	Yes
Application	buffalotech	bbr-4mg_firmware	1.20	Yes
Application	buffalotech	bbr-4mg_firmware	1.30	Yes
Application	buffalotech	bbr-4mg_firmware	1.30	Yes
Application	buffalotech	bbr-4mg_firmware	1.31	Yes
Application	buffalotech	bbr-4mg_firmware	1.32	Yes
Application	buffalotech	bbr-4mg_firmware	1.32	Yes
Application	buffalotech	bbr-4mg_firmware	1.33	Yes
Application	buffalotech	bbr-4mg_firmware	1.33	Yes
Application	buffalotech	bhr-4rv_firmware	2.31	Yes
Application	buffalotech	bhr-4rv_firmware	2.32	Yes
Application	buffalotech	bhr-4rv_firmware	2.33	Yes
Application	buffalotech	bhr-4rv_firmware	2.42	Yes
Application	buffalotech	bhr-4rv_firmware	2.46	Yes
Application	buffalotech	bhr-4rv_firmware	2.48	Yes
Application	buffalotech	fs-g54_firmware	2.07	Yes
Application	buffalotech	wer-a54g54_firmware	1.00	Yes
Application	buffalotech	wer-a54g54_firmware	1.01	Yes
Application	buffalotech	wer-a54g54_firmware	1.02	Yes
Application	buffalotech	wer-a54g54_firmware	1.03	Yes
Application	buffalotech	wer-a54g54_firmware	1.10	Yes
Application	buffalotech	wer-a54g54_firmware	1.12	Yes
Application	buffalotech	wer-a54g54_firmware	1.12	Yes
Application	buffalotech	wer-a54g54_firmware	1.13	Yes
Application	buffalotech	wer-ag54_firmware	1.04	Yes
Application	buffalotech	wer-ag54_firmware	1.12	Yes
Application	buffalotech	wer-ag54_firmware	1.12	Yes
Application	buffalotech	wer-am54g54_firmware	1.11	Yes
Application	buffalotech	wer-am54g54_firmware	1.12	Yes
Application	buffalotech	wer-am54g54_firmware	1.12	Yes
Application	buffalotech	wer-am54g54_firmware	1.13	Yes
Application	buffalotech	wer-am54g54_firmware	1.14	Yes
Application	buffalotech	wer-amg54_firmware	1.11	Yes
Application	buffalotech	wer-amg54_firmware	1.12	Yes
Application	buffalotech	wer-amg54_firmware	1.14	Yes
Application	buffalotech	whr-am54g54_firmware	1.30	Yes
Application	buffalotech	whr-am54g54_firmware	1.38	Yes
Application	buffalotech	whr-am54g54_firmware	1.40	Yes
Application	buffalotech	whr-am54g54_firmware	1.42	Yes
Application	buffalotech	whr-amg54_firmware	1.31	Yes
Application	buffalotech	whr-amg54_firmware	1.38	Yes
Application	buffalotech	whr-amg54_firmware	1.40	Yes
Application	buffalotech	whr-amg54_firmware	1.42	Yes
Application	buffalotech	whr-ampg_firmware	1.46	Yes
Application	buffalotech	whr-g_firmware	1.46	Yes
Application	buffalotech	whr-g54s_firmware	1.20	Yes
Application	buffalotech	whr-g54s_firmware	1.21	Yes
Application	buffalotech	whr-g54s_firmware	1.23	Yes
Application	buffalotech	whr-g54s_firmware	1.38	Yes
Application	buffalotech	whr-g54s_firmware	1.40	Yes
Application	buffalotech	whr-g54s_firmware	1.42	Yes
Application	buffalotech	whr-hp-ampg_firmware	1.32	Yes
Application	buffalotech	whr-hp-g_firmware	1.46	Yes
Application	buffalotech	whr-hp-g54_firmware	1.20	Yes
Application	buffalotech	whr-hp-g54_firmware	1.21	Yes
Application	buffalotech	whr-hp-g54_firmware	1.23	Yes
Application	buffalotech	whr-hp-g54_firmware	1.38	Yes
Application	buffalotech	whr-hp-g54_firmware	1.40	Yes
Application	buffalotech	whr-hp-g54_firmware	1.42	Yes
Application	buffalotech	wzr-ampg144nh_firmware	1.47	Yes
Application	buffalotech	wzr-ampg144nh_firmware	1.48	Yes
Application	buffalotech	wzr-ampg300nh_firmware	1.48	Yes
Application	buffalotech	wzr-g144n_firmware	1.45	Yes
Application	buffalotech	wzr-g144n_firmware	1.46	Yes
Application	buffalotech	wzr-g144n_firmware	1.47	Yes
Application	buffalotech	wzr-g144n_firmware	1.47	Yes
Application	buffalotech	wzr-g144nh_firmware	1.45	Yes
Application	buffalotech	wzr-g144nh_firmware	1.47	Yes
Application	buffalotech	wzr-g144nh_firmware	1.47	Yes
Application	buffalotech	wzr-g144nh_firmware	1.48	Yes
Application	buffalotech	wzr2-g300n_firmware	1.48	Yes
Application	buffalotech	wzr2-g300n_firmware	1.50	Yes
Hardware	buffalotech	as-100	*	Yes
Hardware	buffalotech	bbr-4hg	*	Yes
Hardware	buffalotech	bbr-4mg	*	Yes
Hardware	buffalotech	bhr-4rv	*	Yes
Hardware	buffalotech	fs-g54	*	Yes
Hardware	buffalotech	wer-a54g54	*	Yes
Hardware	buffalotech	wer-ag54	*	Yes
Hardware	buffalotech	wer-am54g54	*	Yes
Hardware	buffalotech	wer-amg54	*	Yes
Hardware	buffalotech	whr-am54g54	*	Yes
Hardware	buffalotech	whr-amg54	*	Yes
Hardware	buffalotech	whr-ampg	*	Yes
Hardware	buffalotech	whr-g	*	Yes
Hardware	buffalotech	whr-g54s	*	Yes
Hardware	buffalotech	whr-hp-ampg	*	Yes
Hardware	buffalotech	whr-hp-g	*	Yes
Hardware	buffalotech	whr-hp-g54	*	Yes
Hardware	buffalotech	wzr-ampg144nh	*	Yes
Hardware	buffalotech	wzr-ampg300nh	*	Yes
Hardware	buffalotech	wzr-g144n	*	Yes
Hardware	buffalotech	wzr-g144nh	*	Yes
Hardware	buffalotech	wzr2-g300n	*	Yes

References

http://buffalo.jp/support_s/20080808/csrf.html ([email protected])
http://jvn.jp/en/jp/JVN50505257/index.html ([email protected])
http://buffalo.jp/support_s/20080808/csrf.html (af854a3a-2127-422b-91ae-364da2661108)
http://jvn.jp/en/jp/JVN50505257/index.html (af854a3a-2127-422b-91ae-364da2661108)