CVE-2011-1324 - Vulnerability Details

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00116.

Key SSVC decision points have not yet been added.

Vendors	Products
Buffalotech Subscribe	As-100 Subscribe Bbr-4hg Subscribe Bbr-4hg Firmware Subscribe Bbr-4mg Subscribe Bbr-4mg Firmware Subscribe Bhr-4rv Subscribe Bhr-4rv Firmware Subscribe Fs-g54 Subscribe Fs-g54 Firmware Subscribe Wer-a54g54 Subscribe Wer-a54g54 Firmware Subscribe Wer-ag54 Subscribe Wer-ag54 Firmware Subscribe Wer-am54g54 Subscribe Wer-am54g54 Firmware Subscribe Wer-amg54 Subscribe Wer-amg54 Firmware Subscribe Whr-am54g54 Subscribe Whr-am54g54 Firmware Subscribe Whr-amg54 Subscribe Whr-amg54 Firmware Subscribe Whr-ampg Subscribe Whr-ampg Firmware Subscribe Whr-g Subscribe Whr-g54s Subscribe Whr-g54s Firmware Subscribe Whr-g Firmware Subscribe Whr-hp-ampg Subscribe Whr-hp-ampg Firmware Subscribe Whr-hp-g Subscribe Whr-hp-g54 Subscribe Whr-hp-g54 Firmware Subscribe Whr-hp-g Firmware Subscribe Wzr-ampg144nh Subscribe Wzr-ampg144nh Firmware Subscribe Wzr-ampg300nh Subscribe Wzr-ampg300nh Firmware Subscribe Wzr-g144n Subscribe Wzr-g144n Firmware Subscribe Wzr-g144nh Subscribe Wzr-g144nh Firmware Subscribe Wzr2-g300n Subscribe Wzr2-g300n Firmware Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.02:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.11:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.31:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:::::::*
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:beta::::::
	cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.33:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.00:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.01:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.03:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.11:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.31:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:beta::::::
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:::::::*
	cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:beta::::::
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.31:::::::*
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.32:prebeta::::::
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.33:prebeta::::::
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.42:::::::*
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.46:::::::*
	cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.48:::::::*
	cpe:2.3:a:buffalotech:fs-g54_firmware:2.07:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.00:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.01:beta::::::
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.02:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.03:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.10:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:beta::::::
	cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.13:::::::*
	cpe:2.3:a:buffalotech:wer-ag54_firmware:1.04:::::::*
	cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:beta::::::
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.11:::::::*
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:beta::::::
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.13:::::::*
	cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.14:::::::*
	cpe:2.3:a:buffalotech:wer-amg54_firmware:1.11:::::::*
	cpe:2.3:a:buffalotech:wer-amg54_firmware:1.12:::::::*
	cpe:2.3:a:buffalotech:wer-amg54_firmware:1.14:::::::*
	cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.30:::::::*
	cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.38:::::::*
	cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.40:::::::*
	cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.42:::::::*
	cpe:2.3:a:buffalotech:whr-amg54_firmware:1.31:::::::*
cpe:2.3:a:buffalotech:whr-amg54_firmware:1.38:::::::*
cpe:2.3:a:buffalotech:whr-amg54_firmware:1.40:::::::*
cpe:2.3:a:buffalotech:whr-amg54_firmware:1.42:::::::*
cpe:2.3:a:buffalotech:whr-ampg_firmware:1.46:::::::*
cpe:2.3:a:buffalotech:whr-g_firmware:1.46:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.20:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.21:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.23:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.38:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.40:::::::*
cpe:2.3:a:buffalotech:whr-g54s_firmware:1.42:::::::*
cpe:2.3:a:buffalotech:whr-hp-ampg_firmware:1.32:::::::*
cpe:2.3:a:buffalotech:whr-hp-g_firmware:1.46:::::::*
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.20:::::::*
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.21:::::::*
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.23:::::::*
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.38:::::::*
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.40:::::::*
cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.42:::::::*
cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.47:::::::*
cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.48:beta::::::
cpe:2.3:a:buffalotech:wzr-ampg300nh_firmware:1.48:::::::*
cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.45:::::::*
cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.46:beta::::::
cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:::::::*
cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:beta::::::
cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.45:::::::*
cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:::::::*
cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:beta::::::
cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.48:::::::*
cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.48:::::::*
cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.50:beta::::::
cpe:2.3:h:buffalotech:as-100::::::::
cpe:2.3:h:buffalotech:bbr-4hg::::::::
cpe:2.3:h:buffalotech:bbr-4mg::::::::
cpe:2.3:h:buffalotech:bhr-4rv::::::::
cpe:2.3:h:buffalotech:fs-g54::::::::
cpe:2.3:h:buffalotech:wer-a54g54::::::::
cpe:2.3:h:buffalotech:wer-ag54::::::::
cpe:2.3:h:buffalotech:wer-am54g54::::::::
cpe:2.3:h:buffalotech:wer-amg54::::::::
cpe:2.3:h:buffalotech:whr-am54g54::::::::
cpe:2.3:h:buffalotech:whr-amg54::::::::
cpe:2.3:h:buffalotech:whr-ampg::::::::
cpe:2.3:h:buffalotech:whr-g::::::::
cpe:2.3:h:buffalotech:whr-g54s::::::::
cpe:2.3:h:buffalotech:whr-hp-ampg::::::::
cpe:2.3:h:buffalotech:whr-hp-g::::::::
cpe:2.3:h:buffalotech:whr-hp-g54::::::::
cpe:2.3:h:buffalotech:wzr-ampg144nh::::::::
cpe:2.3:h:buffalotech:wzr-ampg300nh::::::::
cpe:2.3:h:buffalotech:wzr-g144n::::::::
cpe:2.3:h:buffalotech:wzr-g144nh::::::::
cpe:2.3:h:buffalotech:wzr2-g300n::::::::

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2011-1332	Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://buffalo.jp/support_s/20080808/csrf.html
http://jvn.jp/en/jp/JVN50505257/index.html

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2011-05-09T19:00:00Z

Updated: 2024-09-17T03:22:31.307Z

Reserved: 2011-03-09T00:00:00Z

Link: CVE-2011-1324

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-05-09T19:55:03.507

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-1324

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-352

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object