CVE-2011-1324

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Affected products

• buffalotech / as-100
• buffalotech / bbr-4hg
• buffalotech / bbr-4hg_firmware1.10 – 1.10
• buffalotech / bbr-4hg_firmware1.04 – 1.04
• buffalotech / bbr-4hg_firmware1.04 – 1.04
• buffalotech / bbr-4hg_firmware1.02 – 1.02
• buffalotech / bbr-4hg_firmware1.12 – 1.12
• buffalotech / bbr-4hg_firmware1.20 – 1.20
• buffalotech / bbr-4hg_firmware1.20 – 1.20
• buffalotech / bbr-4hg_firmware1.30 – 1.30
• buffalotech / bbr-4hg_firmware1.30 – 1.30
• buffalotech / bbr-4hg_firmware1.31 – 1.31
• buffalotech / bbr-4hg_firmware1.32 – 1.32
• buffalotech / bbr-4hg_firmware1.32 – 1.32
• buffalotech / bbr-4hg_firmware1.33 – 1.33
• buffalotech / bbr-4hg_firmware1.10 – 1.10
• buffalotech / bbr-4hg_firmware1.11 – 1.11
• buffalotech / bbr-4mg
• buffalotech / bbr-4mg_firmware1.04 – 1.04
• buffalotech / bbr-4mg_firmware1.04 – 1.04
• buffalotech / bbr-4mg_firmware1.10 – 1.10
• buffalotech / bbr-4mg_firmware1.10 – 1.10
• buffalotech / bbr-4mg_firmware1.11 – 1.11
• buffalotech / bbr-4mg_firmware1.12 – 1.12
• buffalotech / bbr-4mg_firmware1.20 – 1.20
• buffalotech / bbr-4mg_firmware1.20 – 1.20
• buffalotech / bbr-4mg_firmware1.30 – 1.30
• buffalotech / bbr-4mg_firmware1.30 – 1.30
• buffalotech / bbr-4mg_firmware1.31 – 1.31
• buffalotech / bbr-4mg_firmware1.32 – 1.32
• buffalotech / bbr-4mg_firmware1.32 – 1.32
• buffalotech / bbr-4mg_firmware1.33 – 1.33
• buffalotech / bbr-4mg_firmware1.33 – 1.33
• buffalotech / bbr-4mg_firmware1.00 – 1.00
• buffalotech / bbr-4mg_firmware1.03 – 1.03
• buffalotech / bbr-4mg_firmware1.01 – 1.01
• buffalotech / bhr-4rv
• buffalotech / bhr-4rv_firmware2.32 – 2.32
• buffalotech / bhr-4rv_firmware2.31 – 2.31
• buffalotech / bhr-4rv_firmware2.33 – 2.33
• buffalotech / bhr-4rv_firmware2.42 – 2.42
• buffalotech / bhr-4rv_firmware2.46 – 2.46
• buffalotech / bhr-4rv_firmware2.48 – 2.48
• buffalotech / fs-g54
• buffalotech / fs-g54_firmware2.07 – 2.07
• buffalotech / wer-a54g54
• buffalotech / wer-a54g54_firmware1.12 – 1.12
• buffalotech / wer-a54g54_firmware1.13 – 1.13
• buffalotech / wer-a54g54_firmware1.03 – 1.03
• buffalotech / wer-a54g54_firmware1.10 – 1.10
• buffalotech / wer-a54g54_firmware1.12 – 1.12
• buffalotech / wer-a54g54_firmware1.02 – 1.02
• buffalotech / wer-a54g54_firmware1.01 – 1.01
• buffalotech / wer-a54g54_firmware1.00 – 1.00
• buffalotech / wer-ag54
• buffalotech / wer-ag54_firmware1.12 – 1.12
• buffalotech / wer-ag54_firmware1.12 – 1.12
• buffalotech / wer-ag54_firmware1.04 – 1.04
• buffalotech / wer-am54g54
• buffalotech / wer-am54g54_firmware1.12 – 1.12
• buffalotech / wer-am54g54_firmware1.14 – 1.14
• buffalotech / wer-am54g54_firmware1.11 – 1.11
• buffalotech / wer-am54g54_firmware1.12 – 1.12
• buffalotech / wer-am54g54_firmware1.13 – 1.13
• buffalotech / wer-amg54
• buffalotech / wer-amg54_firmware1.11 – 1.11
• buffalotech / wer-amg54_firmware1.14 – 1.14
• buffalotech / wer-amg54_firmware1.12 – 1.12
• buffalotech / whr-am54g54
• buffalotech / whr-am54g54_firmware1.30 – 1.30
• buffalotech / whr-am54g54_firmware1.38 – 1.38
• buffalotech / whr-am54g54_firmware1.40 – 1.40
• buffalotech / whr-am54g54_firmware1.42 – 1.42
• buffalotech / whr-amg54
• buffalotech / whr-amg54_firmware1.42 – 1.42
• buffalotech / whr-amg54_firmware1.40 – 1.40
• buffalotech / whr-amg54_firmware1.38 – 1.38
• buffalotech / whr-amg54_firmware1.31 – 1.31
• buffalotech / whr-ampg
• buffalotech / whr-ampg_firmware1.46 – 1.46
• buffalotech / whr-g
• buffalotech / whr-g54s
• buffalotech / whr-g54s_firmware1.40 – 1.40
• buffalotech / whr-g54s_firmware1.20 – 1.20
• buffalotech / whr-g54s_firmware1.38 – 1.38
• buffalotech / whr-g54s_firmware1.21 – 1.21
• buffalotech / whr-g54s_firmware1.23 – 1.23
• buffalotech / whr-g54s_firmware1.42 – 1.42
• buffalotech / whr-g_firmware1.46 – 1.46
• buffalotech / whr-hp-ampg
• buffalotech / whr-hp-ampg_firmware1.32 – 1.32
• buffalotech / whr-hp-g
• buffalotech / whr-hp-g54
• buffalotech / whr-hp-g54_firmware1.21 – 1.21
• buffalotech / whr-hp-g54_firmware1.20 – 1.20
• buffalotech / whr-hp-g54_firmware1.23 – 1.23
• buffalotech / whr-hp-g54_firmware1.38 – 1.38
• buffalotech / whr-hp-g54_firmware1.40 – 1.40
• buffalotech / whr-hp-g54_firmware1.42 – 1.42
• buffalotech / whr-hp-g_firmware1.46 – 1.46
• buffalotech / wzr2-g300n
• buffalotech / wzr2-g300n_firmware1.50 – 1.50
• buffalotech / wzr2-g300n_firmware1.48 – 1.48
• buffalotech / wzr-ampg144nh
• buffalotech / wzr-ampg144nh_firmware1.48 – 1.48
• buffalotech / wzr-ampg144nh_firmware1.47 – 1.47
• buffalotech / wzr-ampg300nh
• buffalotech / wzr-ampg300nh_firmware1.48 – 1.48
• buffalotech / wzr-g144n
• buffalotech / wzr-g144n_firmware1.46 – 1.46
• buffalotech / wzr-g144n_firmware1.47 – 1.47
• buffalotech / wzr-g144n_firmware1.47 – 1.47
• buffalotech / wzr-g144n_firmware1.45 – 1.45
• buffalotech / wzr-g144nh
• buffalotech / wzr-g144nh_firmware1.48 – 1.48
• buffalotech / wzr-g144nh_firmware1.45 – 1.45
• buffalotech / wzr-g144nh_firmware1.47 – 1.47
• buffalotech / wzr-g144nh_firmware1.47 – 1.47

References

• MISChttp://jvn.jp/en/jp/JVN50505257/index.html
• MISChttp://buffalo.jp/support_s/20080808/csrf.html