CVE-2011-1324

Buffalo WHR-WZR2-WZR-WER-BBR-AS-100 - CSRF

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN50505257/index.html
Various Sources x_refsource_confirm
http://buffalo.jp/support_s/20080808/csrf.html

Scores

EPSS 0.0047
EPSS Percentile 37.7%

Details

CWE
CWE-352
Status published
Products (39)
buffalotech/as-100
buffalotech/bbr-4hg
buffalotech/bbr-4hg_firmware 1.02
buffalotech/bbr-4hg_firmware 1.04 (2 CPE variants)
buffalotech/bbr-4hg_firmware 1.10 (2 CPE variants)
buffalotech/bbr-4hg_firmware 1.11 beta
buffalotech/bbr-4hg_firmware 1.12
buffalotech/bbr-4hg_firmware 1.20 (2 CPE variants)
buffalotech/bbr-4hg_firmware 1.30 (2 CPE variants)
buffalotech/bbr-4hg_firmware 1.31
... and 29 more
Published May 09, 2011
Tracked Since Feb 18, 2026