Details of VAR-201105-0127

ID

VAR-201105-0127

CVE

CVE-2011-1324

TITLE

Multiple Buffalo routers vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2011-000025

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the management screen, settings such as the login password may be altered. Successful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. A remote attacker can exploit this vulnerability to hijack the administrator's authentication request to modify settings, such as changing the login password

Trust: 1.98

sources: NVD: CVE-2011-1324 // JVNDB: JVNDB-2011-000025 // BID: 47893 // VULHUB: VHN-49269

AFFECTED PRODUCTS

vendor:	buffalotech	model:	fs-g54	scope:	eq	version:	2.07	Trust: 1.6
vendor:	buffalotech	model:	wzr-g144nh	scope:	eq	version:	1.45	Trust: 1.6
vendor:	buffalotech	model:	wzr-g144nh	scope:	eq	version:	1.47	Trust: 1.6
vendor:	buffalotech	model:	whr-hp-ampg	scope:	eq	version:	1.32	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.12	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.31	Trust: 1.0
vendor:	buffalotech	model:	bhr-4rv	scope:	eq	version:	2.32	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-am54g54	scope:	eq	version:	1.42	Trust: 1.0
vendor:	buffalotech	model:	whr-g54s	scope:	eq	version:	1.38	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.30	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g54	scope:	eq	version:	1.23	Trust: 1.0
vendor:	buffalotech	model:	whr-g	scope:	eq	version:	1.46	Trust: 1.0
vendor:	buffalotech	model:	bhr-4rv	scope:	eq	version:	2.48	Trust: 1.0
vendor:	buffalotech	model:	wer-amg54	scope:	eq	version:	1.11	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	1.01	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g54	scope:	eq	version:	1.42	Trust: 1.0
vendor:	buffalotech	model:	as-100	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-g54s	scope:	eq	version:	1.40	Trust: 1.0
vendor:	buffalotech	model:	wzr-g144nh	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.33	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wzr-ampg144nh	scope:	eq	version:	1.47	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.10	Trust: 1.0
vendor:	buffalotech	model:	wzr-ampg300nh	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-amg54	scope:	eq	version:	1.38	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.11	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g54	scope:	eq	version:	1.40	Trust: 1.0
vendor:	buffalotech	model:	bhr-4rv	scope:	eq	version:	2.31	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.12	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.04	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	1.03	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.31	Trust: 1.0
vendor:	buffalotech	model:	wzr2-g300n	scope:	eq	version:	1.48	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-g54s	scope:	eq	version:	1.20	Trust: 1.0
vendor:	buffalotech	model:	wer-am54g54	scope:	eq	version:	1.13	Trust: 1.0
vendor:	buffalotech	model:	whr-amg54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-amg54	scope:	eq	version:	1.42	Trust: 1.0
vendor:	buffalotech	model:	wzr2-g300n	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.01	Trust: 1.0
vendor:	buffalotech	model:	whr-am54g54	scope:	eq	version:	1.30	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.30	Trust: 1.0
vendor:	buffalotech	model:	wer-am54g54	scope:	eq	version:	1.12	Trust: 1.0
vendor:	buffalotech	model:	wer-amg54	scope:	eq	version:	1.12	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wer-ag54	scope:	eq	version:	1.12	Trust: 1.0
vendor:	buffalotech	model:	whr-g	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.02	Trust: 1.0
vendor:	buffalotech	model:	whr-ampg	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.20	Trust: 1.0
vendor:	buffalotech	model:	whr-am54g54	scope:	eq	version:	1.38	Trust: 1.0
vendor:	buffalotech	model:	whr-g54s	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.03	Trust: 1.0
vendor:	buffalotech	model:	wer-ag54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wzr-g144n	scope:	eq	version:	1.47	Trust: 1.0
vendor:	buffalotech	model:	bhr-4rv	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wzr-g144nh	scope:	eq	version:	1.48	Trust: 1.0
vendor:	buffalotech	model:	whr-g54s	scope:	eq	version:	1.23	Trust: 1.0
vendor:	buffalotech	model:	fs-g54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wer-amg54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	1.00	Trust: 1.0
vendor:	buffalotech	model:	wzr-ampg300nh	scope:	eq	version:	1.48	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.32	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.11	Trust: 1.0
vendor:	buffalotech	model:	wzr-g144n	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wer-am54g54	scope:	eq	version:	1.14	Trust: 1.0
vendor:	buffalotech	model:	wer-amg54	scope:	eq	version:	1.14	Trust: 1.0
vendor:	buffalotech	model:	whr-am54g54	scope:	eq	version:	1.40	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.04	Trust: 1.0
vendor:	buffalotech	model:	wzr-g144n	scope:	eq	version:	1.45	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g54	scope:	eq	version:	1.38	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.10	Trust: 1.0
vendor:	buffalotech	model:	wzr2-g300n	scope:	eq	version:	1.50	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-amg54	scope:	eq	version:	1.31	Trust: 1.0
vendor:	buffalotech	model:	whr-g54s	scope:	eq	version:	1.42	Trust: 1.0
vendor:	buffalotech	model:	wer-am54g54	scope:	eq	version:	1.11	Trust: 1.0
vendor:	buffalotech	model:	whr-g54s	scope:	eq	version:	1.21	Trust: 1.0
vendor:	buffalotech	model:	wer-am54g54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-am54g54	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	wer-ag54	scope:	eq	version:	1.04	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.00	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	1.10	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	1.13	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.20	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-ampg	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g54	scope:	eq	version:	1.21	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	1.12	Trust: 1.0
vendor:	buffalotech	model:	wzr-ampg144nh	scope:	eq	version:	1.48	Trust: 1.0
vendor:	buffalotech	model:	whr-ampg	scope:	eq	version:	1.46	Trust: 1.0
vendor:	buffalotech	model:	wzr-g144n	scope:	eq	version:	1.46	Trust: 1.0
vendor:	buffalotech	model:	wzr-ampg144nh	scope:	eq	version:	*	Trust: 1.0
vendor:	buffalotech	model:	bhr-4rv	scope:	eq	version:	2.42	Trust: 1.0
vendor:	buffalotech	model:	bhr-4rv	scope:	eq	version:	2.33	Trust: 1.0
vendor:	buffalotech	model:	bbr-4hg	scope:	eq	version:	1.32	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g	scope:	eq	version:	1.46	Trust: 1.0
vendor:	buffalotech	model:	whr-hp-g54	scope:	eq	version:	1.20	Trust: 1.0
vendor:	buffalotech	model:	bbr-4mg	scope:	eq	version:	1.33	Trust: 1.0
vendor:	buffalotech	model:	whr-amg54	scope:	eq	version:	1.40	Trust: 1.0
vendor:	buffalotech	model:	wer-a54g54	scope:	eq	version:	1.02	Trust: 1.0
vendor:	buffalotech	model:	bhr-4rv	scope:	eq	version:	2.46	Trust: 1.0
vendor:	buffalo	model:	bbr-4hg	scope:	eq	version:	and other routers	Trust: 0.8
vendor:	buffalotech	model:	bhr-4rv	scope:	-	version:	-	Trust: 0.6
vendor:	buffalotech	model:	whr-g	scope:	-	version:	-	Trust: 0.6
vendor:	buffalotech	model:	whr-hp-g	scope:	-	version:	-	Trust: 0.6
vendor:	buffalotech	model:	whr-ampg	scope:	-	version:	-	Trust: 0.6
vendor:	buffalotech	model:	fs-g54	scope:	-	version:	-	Trust: 0.6
vendor:	buffalotech	model:	as-100	scope:	-	version:	-	Trust: 0.6
vendor:	buffalo	model:	technology wireless broadband router wbrg54	scope:	eq	version:	1.11	Trust: 0.3
vendor:	buffalo	model:	technology whr-g54s	scope:	eq	version:	1.2	Trust: 0.3
vendor:	buffalo	model:	technology wireless-n nfiniti wzr-hp-g300nh	scope:	-	version:	-	Trust: 0.3
vendor:	buffalo	model:	technology wireless-n nfiniti whr-g300n	scope:	-	version:	-	Trust: 0.3
vendor:	buffalo	model:	technology wireless-n nfiniti whr-g300u	scope:	-	version:	-	Trust: 0.3
vendor:	buffalo	model:	technology wireless broadband router wbrg54	scope:	eq	version:	1.13	Trust: 0.3
vendor:	buffalo	model:	technology airstation whr-g54s	scope:	eq	version:	1.2	Trust: 0.3
vendor:	buffalo	model:	technology wireless-n nfiniti whr-hp-g300n	scope:	-	version:	-	Trust: 0.3

sources: BID: 47893 // JVNDB: JVNDB-2011-000025 // CNNVD: CNNVD-201105-115 // NVD: CVE-2011-1324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-1324
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2011-000025
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201105-115
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-49269
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-1324
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2011-000025
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-49269
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-49269 // JVNDB: JVNDB-2011-000025 // CNNVD: CNNVD-201105-115 // NVD: CVE-2011-1324

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-49269 // JVNDB: JVNDB-2011-000025 // NVD: CVE-2011-1324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201105-115

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201105-115

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-000025

PATCH

title:

Multiple routers vulnerable to cross-site request forgery

url:

http://buffalo.jp/support_s/20080808/csrf.html

Trust: 0.8

sources: JVNDB: JVNDB-2011-000025

EXTERNAL IDS

db:	NVD	id:	CVE-2011-1324	Trust: 2.8
db:	JVN	id:	JVN50505257	Trust: 2.8
db:	JVNDB	id:	JVNDB-2011-000025	Trust: 0.8
db:	CNNVD	id:	CNNVD-201105-115	Trust: 0.7
db:	JVN	id:	JVN#50505257	Trust: 0.6
db:	BID	id:	47893	Trust: 0.4
db:	VULHUB	id:	VHN-49269	Trust: 0.1

sources: VULHUB: VHN-49269 // BID: 47893 // JVNDB: JVNDB-2011-000025 // CNNVD: CNNVD-201105-115 // NVD: CVE-2011-1324

REFERENCES

url:	http://jvn.jp/en/jp/jvn50505257/index.html	Trust: 2.0
url:	http://buffalo.jp/support_s/20080808/csrf.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1324	Trust: 0.8
url:	http://jvn.jp/en/jp/jvn50505257	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1324	Trust: 0.8
url:	http://www.buffalotech.com/products/wireless/wireless-n-routers-access-points/	Trust: 0.3

sources: VULHUB: VHN-49269 // BID: 47893 // JVNDB: JVNDB-2011-000025 // CNNVD: CNNVD-201105-115 // NVD: CVE-2011-1324

CREDITS

Hirotaka Katagiri

Trust: 0.3

sources: BID: 47893

SOURCES

db:	VULHUB	id:	VHN-49269
db:	BID	id:	47893
db:	JVNDB	id:	JVNDB-2011-000025
db:	CNNVD	id:	CNNVD-201105-115
db:	NVD	id:	CVE-2011-1324

LAST UPDATE DATE

2025-04-11T23:10:01.447000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-49269	date:	2011-05-27T00:00:00
db:	BID	id:	47893	date:	2011-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2011-000025	date:	2011-05-11T00:00:00
db:	CNNVD	id:	CNNVD-201105-115	date:	2011-05-10T00:00:00
db:	NVD	id:	CVE-2011-1324	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-49269	date:	2011-05-09T00:00:00
db:	BID	id:	47893	date:	2011-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2011-000025	date:	2011-05-11T00:00:00
db:	CNNVD	id:	CNNVD-201105-115	date:	2011-05-10T00:00:00
db:	NVD	id:	CVE-2011-1324	date:	2011-05-09T19:55:03.507