Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2011-1324
Last Modified 27 May 2011 12:00:00
Published 09 May 2011 03:55:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1324

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Vulnerable Systems

Application

  • Buffalotech Bbr-4hg Firmware 1.02

  • Buffalotech Bbr-4hg Firmware 1.04

  • Buffalotech Bbr-4hg Firmware 1.10

  • Buffalotech Bbr-4hg Firmware 1.11

  • Buffalotech Bbr-4hg Firmware 1.12

  • Buffalotech Bbr-4hg Firmware 1.20

  • Buffalotech Bbr-4hg Firmware 1.30

  • Buffalotech Bbr-4hg Firmware 1.31

  • Buffalotech Bbr-4hg Firmware 1.32

  • Buffalotech Bbr-4hg Firmware 1.33

  • Buffalotech Bbr-4mg Firmware 1.00

  • Buffalotech Bbr-4mg Firmware 1.01

  • Buffalotech Bbr-4mg Firmware 1.03

  • Buffalotech Bbr-4mg Firmware 1.04

  • Buffalotech Bbr-4mg Firmware 1.10

  • Buffalotech Bbr-4mg Firmware 1.11

  • Buffalotech Bbr-4mg Firmware 1.12

  • Buffalotech Bbr-4mg Firmware 1.20

  • Buffalotech Bbr-4mg Firmware 1.30

  • Buffalotech Bbr-4mg Firmware 1.31

  • Buffalotech Bbr-4mg Firmware 1.32

  • Buffalotech Bbr-4mg Firmware 1.33

  • Buffalotech Bhr-4rv Firmware 2.31

  • Buffalotech Bhr-4rv Firmware 2.32

  • Buffalotech Bhr-4rv Firmware 2.33

  • Buffalotech Bhr-4rv Firmware 2.42

  • Buffalotech Bhr-4rv Firmware 2.46

  • Buffalotech Bhr-4rv Firmware 2.48

  • Buffalotech Fs-g54 Firmware 2.07

  • Buffalotech Wer-a54g54 Firmware 1.00

  • Buffalotech Wer-a54g54 Firmware 1.01

  • Buffalotech Wer-a54g54 Firmware 1.02

  • Buffalotech Wer-a54g54 Firmware 1.03

  • Buffalotech Wer-a54g54 Firmware 1.10

  • Buffalotech Wer-a54g54 Firmware 1.12

  • Buffalotech Wer-a54g54 Firmware 1.13

  • Buffalotech Wer-ag54 Firmware 1.04

  • Buffalotech Wer-ag54 Firmware 1.12

  • Buffalotech Wer-am54g54 Firmware 1.11

  • Buffalotech Wer-am54g54 Firmware 1.12

  • Buffalotech Wer-am54g54 Firmware 1.13

  • Buffalotech Wer-am54g54 Firmware 1.14

  • Buffalotech Wer-amg54 Firmware 1.11

  • Buffalotech Wer-amg54 Firmware 1.12

  • Buffalotech Wer-amg54 Firmware 1.14

  • Buffalotech Whr-am54g54 Firmware 1.30

  • Buffalotech Whr-am54g54 Firmware 1.38

  • Buffalotech Whr-am54g54 Firmware 1.40

  • Buffalotech Whr-am54g54 Firmware 1.42

  • Buffalotech Whr-amg54 Firmware 1.31

  • Buffalotech Whr-amg54 Firmware 1.38

  • Buffalotech Whr-amg54 Firmware 1.40

  • Buffalotech Whr-amg54 Firmware 1.42

  • Buffalotech Whr-ampg Firmware 1.46

  • Buffalotech Whr-g Firmware 1.46

  • Buffalotech Whr-g54s Firmware 1.20

  • Buffalotech Whr-g54s Firmware 1.21

  • Buffalotech Whr-g54s Firmware 1.23

  • Buffalotech Whr-g54s Firmware 1.38

  • Buffalotech Whr-g54s Firmware 1.40

  • Buffalotech Whr-g54s Firmware 1.42

  • Buffalotech Whr-hp-ampg Firmware 1.32

  • Buffalotech Whr-hp-g Firmware 1.46

  • Buffalotech Whr-hp-g54 Firmware 1.20

  • Buffalotech Whr-hp-g54 Firmware 1.21

  • Buffalotech Whr-hp-g54 Firmware 1.23

  • Buffalotech Whr-hp-g54 Firmware 1.38

  • Buffalotech Whr-hp-g54 Firmware 1.40

  • Buffalotech Whr-hp-g54 Firmware 1.42

  • Buffalotech Wzr-ampg144nh Firmware 1.47

  • Buffalotech Wzr-ampg144nh Firmware 1.48

  • Buffalotech Wzr-ampg300nh Firmware 1.48

  • Buffalotech Wzr-g144n Firmware 1.45

  • Buffalotech Wzr-g144n Firmware 1.46

  • Buffalotech Wzr-g144n Firmware 1.47

  • Buffalotech Wzr-g144nh Firmware 1.45

  • Buffalotech Wzr-g144nh Firmware 1.47

  • Buffalotech Wzr-g144nh Firmware 1.48

  • Buffalotech Wzr2-g300n Firmware 1.48

  • Buffalotech Wzr2-g300n Firmware 1.50


References

JVN - JVN#50505257

CONFIRM - http://buffalo.jp/support_s/20080808/csrf.html


Last Updated: 27 May 2016 10:56:18