var-201105-0127
Vulnerability from variot

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If a user views a malicious page while logged into the management screen, settings such as the login password may be altered. Successful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. A remote attacker can exploit this vulnerability to hijack the administrator's authentication for requests that modify settings, such as changing the login password.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0127",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fs-g54",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "buffalotech",
        "version": "2.07"
      },
      {
        "model": "wzr-g144nh",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "buffalotech",
        "version": "1.45"
      },
      {
        "model": "wzr-g144nh",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "buffalotech",
        "version": "1.47"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.00"
      },
      {
        "model": "wzr-ampg144nh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.48"
      },
      {
        "model": "whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.21"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.04"
      },
      {
        "model": "bhr-4rv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "2.48"
      },
      {
        "model": "wer-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.11"
      },
      {
        "model": "whr-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.40"
      },
      {
        "model": "whr-ampg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.46"
      },
      {
        "model": "whr-g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.46"
      },
      {
        "model": "whr-hp-ampg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.32"
      },
      {
        "model": "whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.38"
      },
      {
        "model": "wer-ag54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.04"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "bhr-4rv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "2.42"
      },
      {
        "model": "fs-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "as-100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.13"
      },
      {
        "model": "wzr2-g300n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.50"
      },
      {
        "model": "wzr-ampg300nh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "whr-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.31"
      },
      {
        "model": "whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.42"
      },
      {
        "model": "whr-hp-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.20"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.31"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.10"
      },
      {
        "model": "whr-hp-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.21"
      },
      {
        "model": "whr-ampg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "whr-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.42"
      },
      {
        "model": "wzr2-g300n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wer-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wzr-g144nh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.31"
      },
      {
        "model": "whr-hp-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.38"
      },
      {
        "model": "whr-hp-ampg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.12"
      },
      {
        "model": "wzr-ampg144nh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.47"
      },
      {
        "model": "whr-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.38"
      },
      {
        "model": "whr-hp-g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.46"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.01"
      },
      {
        "model": "bhr-4rv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "2.32"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.12"
      },
      {
        "model": "wzr-g144n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.46"
      },
      {
        "model": "wzr-g144n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wzr-ampg300nh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.48"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.33"
      },
      {
        "model": "wer-ag54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.12"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.20"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.02"
      },
      {
        "model": "whr-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.40"
      },
      {
        "model": "wzr-g144n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.45"
      },
      {
        "model": "wer-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.14"
      },
      {
        "model": "bhr-4rv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "2.31"
      },
      {
        "model": "wer-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.12"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.02"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.33"
      },
      {
        "model": "whr-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.30"
      },
      {
        "model": "whr-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.38"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.32"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.20"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.00"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.03"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.32"
      },
      {
        "model": "wer-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.11"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.10"
      },
      {
        "model": "whr-hp-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.40"
      },
      {
        "model": "wzr-g144n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.47"
      },
      {
        "model": "whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.23"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.01"
      },
      {
        "model": "wer-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.12"
      },
      {
        "model": "wer-amg54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wer-ag54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wer-a54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.12"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.03"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.11"
      },
      {
        "model": "whr-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.40"
      },
      {
        "model": "bhr-4rv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "2.46"
      },
      {
        "model": "bhr-4rv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "whr-hp-g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.10"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.30"
      },
      {
        "model": "wzr2-g300n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.48"
      },
      {
        "model": "whr-g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wzr-g144nh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.48"
      },
      {
        "model": "wer-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.14"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "bhr-4rv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "2.33"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.11"
      },
      {
        "model": "wer-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.13"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.04"
      },
      {
        "model": "whr-hp-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.42"
      },
      {
        "model": "whr-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.42"
      },
      {
        "model": "whr-hp-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "bbr-4mg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.30"
      },
      {
        "model": "whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "whr-am54g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "wzr-ampg144nh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "*"
      },
      {
        "model": "whr-hp-g54",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.23"
      },
      {
        "model": "whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.20"
      },
      {
        "model": "bbr-4hg",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "buffalo",
        "version": "and other routers"
      },
      {
        "model": "bhr-4rv",
        "scope": null,
        "trust": 0.6,
        "vendor": "buffalotech",
        "version": null
      },
      {
        "model": "whr-g",
        "scope": null,
        "trust": 0.6,
        "vendor": "buffalotech",
        "version": null
      },
      {
        "model": "whr-hp-g",
        "scope": null,
        "trust": 0.6,
        "vendor": "buffalotech",
        "version": null
      },
      {
        "model": "whr-ampg",
        "scope": null,
        "trust": 0.6,
        "vendor": "buffalotech",
        "version": null
      },
      {
        "model": "fs-g54",
        "scope": null,
        "trust": 0.6,
        "vendor": "buffalotech",
        "version": null
      },
      {
        "model": "as-100",
        "scope": null,
        "trust": 0.6,
        "vendor": "buffalotech",
        "version": null
      },
      {
        "model": "technology wireless broadband router wbrg54",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "buffalo",
        "version": "1.11"
      },
      {
        "model": "technology whr-g54s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "buffalo",
        "version": "1.2"
      },
      {
        "model": "technology wireless-n nfiniti wzr-hp-g300nh",
        "scope": null,
        "trust": 0.3,
        "vendor": "buffalo",
        "version": null
      },
      {
        "model": "technology wireless-n nfiniti whr-g300n",
        "scope": null,
        "trust": 0.3,
        "vendor": "buffalo",
        "version": null
      },
      {
        "model": "technology wireless-n nfiniti whr-g300u",
        "scope": null,
        "trust": 0.3,
        "vendor": "buffalo",
        "version": null
      },
      {
        "model": "technology wireless broadband router wbrg54",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "buffalo",
        "version": "1.13"
      },
      {
        "model": "technology airstation whr-g54s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "buffalo",
        "version": "1.2"
      },
      {
        "model": "technology wireless-n nfiniti whr-hp-g300n",
        "scope": null,
        "trust": 0.3,
        "vendor": "buffalo",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "47893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:buffalo_inc:bbr-4hg",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hirotaka Katagiri",
    "sources": [
      {
        "db": "BID",
        "id": "47893"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-1324",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-1324",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-000025",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-49269",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-1324",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2011-000025",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201105-115",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-49269",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If a user views a malicious page while logged into the management screen, settings such as the login password may be altered. \nSuccessful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. A remote attacker can exploit this vulnerability to hijack the administrator\u0027s authentication for requests that modify settings, such as changing the login password.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "db": "BID",
        "id": "47893"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49269"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-1324",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVN50505257",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115",
        "trust": 0.7
      },
      {
        "db": "JVN",
        "id": "JVN#50505257",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "47893",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-49269",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49269"
      },
      {
        "db": "BID",
        "id": "47893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "id": "VAR-201105-0127",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49269"
      }
    ],
    "trust": 0.6615079433333333
  },
  "last_update_date": "2024-11-23T22:42:51.720000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple routers vulnerable to cross-site request forgery",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/20080808/csrf.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://jvn.jp/en/jp/jvn50505257/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://buffalo.jp/support_s/20080808/csrf.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1324"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/en/jp/jvn50505257"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1324"
      },
      {
        "trust": 0.3,
        "url": "http://www.buffalotech.com/products/wireless/wireless-n-routers-access-points/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49269"
      },
      {
        "db": "BID",
        "id": "47893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-49269"
      },
      {
        "db": "BID",
        "id": "47893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49269"
      },
      {
        "date": "2011-05-17T00:00:00",
        "db": "BID",
        "id": "47893"
      },
      {
        "date": "2011-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "date": "2011-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      },
      {
        "date": "2011-05-09T19:55:03.507000",
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49269"
      },
      {
        "date": "2011-05-17T00:00:00",
        "db": "BID",
        "id": "47893"
      },
      {
        "date": "2011-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      },
      {
        "date": "2011-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      },
      {
        "date": "2024-11-21T01:26:05.127000",
        "db": "NVD",
        "id": "CVE-2011-1324"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Buffalo routers vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000025"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201105-115"
      }
    ],
    "trust": 0.6
  }
}

