Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-1324
cve-2011-1324
cross-site request forgery
csrf
buffalo
routers
firmware vulnerability
remote authentication hijacking
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
34.2%
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.
Affected configurations
Node
buffalotechbbr-4hg_firmwareMatch1.02
ORbuffalotechbbr-4hg_firmwareMatch1.04
ORbuffalotechbbr-4hg_firmwareMatch1.04beta
ORbuffalotechbbr-4hg_firmwareMatch1.10
ORbuffalotechbbr-4hg_firmwareMatch1.10beta
ORbuffalotechbbr-4hg_firmwareMatch1.11beta
ORbuffalotechbbr-4hg_firmwareMatch1.12
ORbuffalotechbbr-4hg_firmwareMatch1.20
ORbuffalotechbbr-4hg_firmwareMatch1.20beta
ORbuffalotechbbr-4hg_firmwareMatch1.30
ORbuffalotechbbr-4hg_firmwareMatch1.30beta
ORbuffalotechbbr-4hg_firmwareMatch1.31
ORbuffalotechbbr-4hg_firmwareMatch1.32
ORbuffalotechbbr-4hg_firmwareMatch1.32beta
ORbuffalotechbbr-4hg_firmwareMatch1.33beta
ORbuffalotechbbr-4mg_firmwareMatch1.00
ORbuffalotechbbr-4mg_firmwareMatch1.01beta
ORbuffalotechbbr-4mg_firmwareMatch1.03
ORbuffalotechbbr-4mg_firmwareMatch1.04
ORbuffalotechbbr-4mg_firmwareMatch1.04beta
ORbuffalotechbbr-4mg_firmwareMatch1.10
ORbuffalotechbbr-4mg_firmwareMatch1.10beta
ORbuffalotechbbr-4mg_firmwareMatch1.11beta
ORbuffalotechbbr-4mg_firmwareMatch1.12
ORbuffalotechbbr-4mg_firmwareMatch1.20
ORbuffalotechbbr-4mg_firmwareMatch1.20beta
ORbuffalotechbbr-4mg_firmwareMatch1.30
ORbuffalotechbbr-4mg_firmwareMatch1.30beta
ORbuffalotechbbr-4mg_firmwareMatch1.31
ORbuffalotechbbr-4mg_firmwareMatch1.32
ORbuffalotechbbr-4mg_firmwareMatch1.32beta
ORbuffalotechbbr-4mg_firmwareMatch1.33
ORbuffalotechbbr-4mg_firmwareMatch1.33beta
ORbuffalotechbhr-4rv_firmwareMatch2.31
ORbuffalotechbhr-4rv_firmwareMatch2.32prebeta
ORbuffalotechbhr-4rv_firmwareMatch2.33prebeta
ORbuffalotechbhr-4rv_firmwareMatch2.42
ORbuffalotechbhr-4rv_firmwareMatch2.46
ORbuffalotechbhr-4rv_firmwareMatch2.48
ORbuffalotechfs-g54_firmwareMatch2.07
ORbuffalotechwer-a54g54_firmwareMatch1.00
ORbuffalotechwer-a54g54_firmwareMatch1.01beta
ORbuffalotechwer-a54g54_firmwareMatch1.02
ORbuffalotechwer-a54g54_firmwareMatch1.03
ORbuffalotechwer-a54g54_firmwareMatch1.10
ORbuffalotechwer-a54g54_firmwareMatch1.12
ORbuffalotechwer-a54g54_firmwareMatch1.12beta
ORbuffalotechwer-a54g54_firmwareMatch1.13
ORbuffalotechwer-ag54_firmwareMatch1.04
ORbuffalotechwer-ag54_firmwareMatch1.12
ORbuffalotechwer-ag54_firmwareMatch1.12beta
ORbuffalotechwer-am54g54_firmwareMatch1.11
ORbuffalotechwer-am54g54_firmwareMatch1.12
ORbuffalotechwer-am54g54_firmwareMatch1.12beta
ORbuffalotechwer-am54g54_firmwareMatch1.13
ORbuffalotechwer-am54g54_firmwareMatch1.14
ORbuffalotechwer-amg54_firmwareMatch1.11
ORbuffalotechwer-amg54_firmwareMatch1.12
ORbuffalotechwer-amg54_firmwareMatch1.14
ORbuffalotechwhr-am54g54_firmwareMatch1.30
ORbuffalotechwhr-am54g54_firmwareMatch1.38
ORbuffalotechwhr-am54g54_firmwareMatch1.40
ORbuffalotechwhr-am54g54_firmwareMatch1.42
ORbuffalotechwhr-amg54_firmwareMatch1.31
ORbuffalotechwhr-amg54_firmwareMatch1.38
ORbuffalotechwhr-amg54_firmwareMatch1.40
ORbuffalotechwhr-amg54_firmwareMatch1.42
ORbuffalotechwhr-ampg_firmwareMatch1.46
ORbuffalotechwhr-g_firmwareMatch1.46
ORbuffalotechwhr-g54s_firmwareMatch1.20
ORbuffalotechwhr-g54s_firmwareMatch1.21
ORbuffalotechwhr-g54s_firmwareMatch1.23
ORbuffalotechwhr-g54s_firmwareMatch1.38
ORbuffalotechwhr-g54s_firmwareMatch1.40
ORbuffalotechwhr-g54s_firmwareMatch1.42
ORbuffalotechwhr-hp-ampg_firmwareMatch1.32
ORbuffalotechwhr-hp-g_firmwareMatch1.46
ORbuffalotechwhr-hp-g54_firmwareMatch1.20
ORbuffalotechwhr-hp-g54_firmwareMatch1.21
ORbuffalotechwhr-hp-g54_firmwareMatch1.23
ORbuffalotechwhr-hp-g54_firmwareMatch1.38
ORbuffalotechwhr-hp-g54_firmwareMatch1.40
ORbuffalotechwhr-hp-g54_firmwareMatch1.42
ORbuffalotechwzr-ampg144nh_firmwareMatch1.47
ORbuffalotechwzr-ampg144nh_firmwareMatch1.48beta
ORbuffalotechwzr-ampg300nh_firmwareMatch1.48
ORbuffalotechwzr-g144n_firmwareMatch1.45
ORbuffalotechwzr-g144n_firmwareMatch1.46beta
ORbuffalotechwzr-g144n_firmwareMatch1.47
ORbuffalotechwzr-g144n_firmwareMatch1.47beta
ORbuffalotechwzr-g144nh_firmwareMatch1.45
ORbuffalotechwzr-g144nh_firmwareMatch1.47
ORbuffalotechwzr-g144nh_firmwareMatch1.47beta
ORbuffalotechwzr-g144nh_firmwareMatch1.48
ORbuffalotechwzr2-g300n_firmwareMatch1.48
ORbuffalotechwzr2-g300n_firmwareMatch1.50beta
ORbuffalotechas-100
ORbuffalotechbbr-4hg
ORbuffalotechbbr-4mg
ORbuffalotechbhr-4rv
ORbuffalotechfs-g54
ORbuffalotechwer-a54g54
ORbuffalotechwer-ag54
ORbuffalotechwer-am54g54
ORbuffalotechwer-amg54
ORbuffalotechwhr-am54g54
ORbuffalotechwhr-amg54
ORbuffalotechwhr-ampg
ORbuffalotechwhr-g
ORbuffalotechwhr-g54s
ORbuffalotechwhr-hp-ampg
ORbuffalotechwhr-hp-g
ORbuffalotechwhr-hp-g54
ORbuffalotechwzr-ampg144nh
ORbuffalotechwzr-ampg300nh
ORbuffalotechwzr-g144n
ORbuffalotechwzr-g144nh
ORbuffalotechwzr2-g300n
Related
nvd
nvd
CVE-2011-1324
2011-05-09 19:55:03
jvn
jvn
cvelist
cvelist
CVE-2011-1324
2022-10-03 16:15:11
prion
prion
Cross site request forgery (csrf)
2011-05-09 19:55:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
34.2%
Related for CVE-2011-1324