Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN50505257/index.html
Various Sources x_refsource_confirm
http://buffalo.jp/support_s/20080808/csrf.html
Scores
EPSS
0.0047
EPSS Percentile
37.7%
Details
CWE
CWE-352
Status
published
Products (39)
buffalotech/as-100
buffalotech/bbr-4hg
buffalotech/bbr-4hg_firmware
1.02
buffalotech/bbr-4hg_firmware
1.04 (2 CPE variants)
buffalotech/bbr-4hg_firmware
1.10 (2 CPE variants)
buffalotech/bbr-4hg_firmware
1.11 beta
buffalotech/bbr-4hg_firmware
1.12
buffalotech/bbr-4hg_firmware
1.20 (2 CPE variants)
buffalotech/bbr-4hg_firmware
1.30 (2 CPE variants)
buffalotech/bbr-4hg_firmware
1.31
... and 29 more
Published
May 09, 2011
Tracked Since
Feb 18, 2026