Vulnerability CVE-2011-1324


Published: 2011-05-09   Modified: 2012-02-13

Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Type: CWE-352 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial
Affected software
Buffalotech -> Bbr-4hg firmware 
Buffalotech -> Wzr-ampg144nh firmware 
Buffalotech -> Whr-ampg 
Buffalotech -> Bbr-4mg firmware 
Buffalotech -> Wzr-ampg300nh firmware 
Buffalotech -> Whr-g 
Buffalotech -> Bhr-4rv firmware 
Buffalotech -> Wzr-g144n firmware 
Buffalotech -> Whr-g54s 
Buffalotech -> Fs-g54 firmware 
Buffalotech -> Wzr-g144nh firmware 
Buffalotech -> Whr-hp-ampg 
Buffalotech -> Wer-a54g54 firmware 
Buffalotech -> Wzr2-g300n firmware 
Buffalotech -> Whr-hp-g 
Buffalotech -> Wer-ag54 firmware 
Buffalotech -> As-100 
Buffalotech -> Whr-hp-g54 
Buffalotech -> Wer-am54g54 firmware 
Buffalotech -> Bbr-4hg 
Buffalotech -> Wzr-ampg144nh 
Buffalotech -> Wer-amg54 firmware 
Buffalotech -> Bbr-4mg 
Buffalotech -> Wzr-ampg300nh 
Buffalotech -> Whr-am54g54 firmware 
Buffalotech -> Bhr-4rv 
Buffalotech -> Wzr-g144n 
Buffalotech -> Whr-amg54 firmware 
Buffalotech -> Fs-g54 
Buffalotech -> Wzr-g144nh 
Buffalotech -> Whr-ampg firmware 
Buffalotech -> Wer-a54g54 
Buffalotech -> Wzr2-g300n 
Buffalotech -> Whr-g54s firmware 
Buffalotech -> Wer-ag54 
Buffalotech -> Whr-g firmware 
Buffalotech -> Wer-am54g54 
Buffalotech -> Whr-hp-ampg firmware 
Buffalotech -> Wer-amg54 
Buffalotech -> Whr-hp-g54 firmware 
Buffalotech -> Whr-am54g54 
Buffalotech -> Whr-hp-g firmware 
Buffalotech -> Whr-amg54 

 References:
http://jvn.jp/en/jp/JVN50505257/index.html
http://buffalo.jp/support_s/20080808/csrf.html

Copyright 2020, cxsecurity.com

 
