Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Buffalotech | BBR-4HG Firmware | 1.02 |
| Buffalotech | BBR-4MG Firmware | 1.00 |
| Buffalotech | BHR-4RV Firmware | 2.31 |
| Buffalotech | FS-G54 Firmware | 2.07 |
| Buffalotech | WER-A54G54 Firmware | 1.00 |
| Buffalotech | WER-AG54 Firmware | 1.04 |
| Buffalotech | WER-AM54G54 Firmware | 1.11 |
| Buffalotech | WER-AMG54 Firmware | 1.11 |
| Buffalotech | WHR-AM54G54 Firmware | 1.30 |
| Buffalotech | WHR-AMG54 Firmware | 1.31 |
| Buffalotech | WHR-AMPG Firmware | 1.46 |
| Buffalotech | WHR-G Firmware | 1.46 |
| Buffalotech | WHR-G54S Firmware | 1.20 |
| Buffalotech | WHR-HP-AMPG Firmware | 1.32 |
| Buffalotech | WHR-HP-G Firmware | 1.46 |
| Buffalotech | WHR-HP-G54 Firmware | 1.20 |
| Buffalotech | WZR-AMPG144NH Firmware | 1.47 |
| Buffalotech | WZR-AMPG300NH Firmware | 1.48 |
| Buffalotech | WZR-G144N Firmware | 1.45 |
| Buffalotech | WZR-G144NH Firmware | 1.45 |
Related Weaknesses (CWE)
References
- http://buffalo.jp/support_s/20080808/csrf.html
- http://jvn.jp/en/jp/JVN50505257/index.html
FAQ
What is CVE-2011-1324?
CVE-2011-1324 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2...
How severe is CVE-2011-1324?
CVE-2011-1324 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-1324?
Check the references section above for vendor advisories and patch information. Affected products include: Buffalotech BBR-4HG Firmware, Buffalotech BBR-4MG Firmware, Buffalotech BHR-4RV Firmware, Buffalotech FS-G54 Firmware, Buffalotech WER-A54G54 Firmware.