Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wer-am54g54_firmware | 1.12 |
| buffalotech | whr-amg54_firmware | 1.31 |
| buffalotech | wzr-g144nh_firmware | 1.45 |
| buffalotech | as-100 | * |
| buffalotech | bhr-4rv_firmware | 2.33 |
| buffalotech | whr-g54s_firmware | 1.23 |
| buffalotech | wzr-g144n_firmware | 1.47 |
| buffalotech | wzr-ampg144nh | * |
| buffalotech | bbr-4hg_firmware | 1.11 |
| buffalotech | wzr-g144nh_firmware | 1.48 |
| buffalotech | wzr-ampg144nh_firmware | 1.48 |
| buffalotech | wer-amg54_firmware | 1.12 |
| buffalotech | whr-hp-g54_firmware | 1.20 |
| buffalotech | bbr-4hg_firmware | 1.12 |
| buffalotech | whr-g_firmware | 1.46 |
| buffalotech | whr-hp-g54_firmware | 1.21 |
| buffalotech | bhr-4rv_firmware | 2.48 |
| buffalotech | whr-g54s_firmware | 1.20 |
| buffalotech | whr-g54s | * |
| buffalotech | bbr-4mg_firmware | 1.11 |
| buffalotech | bbr-4hg_firmware | 1.20 |
| buffalotech | wer-a54g54_firmware | 1.10 |
| buffalotech | whr-amg54_firmware | 1.38 |
| buffalotech | wer-a54g54_firmware | 1.02 |
| buffalotech | whr-hp-g54_firmware | 1.23 |
| buffalotech | wer-a54g54 | * |
| buffalotech | wer-ag54_firmware | 1.12 |
| buffalotech | wer-am54g54_firmware | 1.11 |
| buffalotech | bbr-4mg_firmware | 1.32 |
| buffalotech | fs-g54_firmware | 2.07 |
| buffalotech | bbr-4mg_firmware | 1.30 |
| buffalotech | whr-g54s_firmware | 1.38 |
| buffalotech | wzr-ampg300nh | * |
| buffalotech | whr-amg54 | * |
| buffalotech | whr-hp-ampg | * |
| buffalotech | bbr-4mg_firmware | 1.03 |
| buffalotech | whr-am54g54 | * |
| buffalotech | wzr2-g300n_firmware | 1.50 |
| buffalotech | whr-g54s_firmware | 1.40 |
| buffalotech | bhr-4rv_firmware | 2.31 |
| buffalotech | wzr-ampg300nh_firmware | 1.48 |
| buffalotech | wzr-g144n | * |
| buffalotech | whr-g54s_firmware | 1.42 |
| buffalotech | wer-a54g54_firmware | 1.13 |
| buffalotech | wzr-g144nh_firmware | 1.47 |
| buffalotech | bbr-4mg_firmware | 1.04 |
| buffalotech | wzr2-g300n | * |
| buffalotech | whr-hp-g54 | * |
| buffalotech | wer-amg54 | * |
| buffalotech | wzr-g144n_firmware | 1.45 |
| buffalotech | bbr-4mg_firmware | 1.01 |
| buffalotech | wer-ag54_firmware | 1.04 |
| buffalotech | bbr-4mg_firmware | 1.31 |
| buffalotech | whr-amg54_firmware | 1.40 |
| buffalotech | wer-a54g54_firmware | 1.03 |
| buffalotech | wer-am54g54_firmware | 1.13 |
| buffalotech | wzr2-g300n_firmware | 1.48 |
| buffalotech | whr-g | * |
| buffalotech | bbr-4hg_firmware | 1.33 |
| buffalotech | wer-am54g54_firmware | 1.14 |
| buffalotech | bbr-4mg_firmware | 1.00 |
| buffalotech | bbr-4mg_firmware | 1.10 |
| buffalotech | whr-hp-g_firmware | 1.46 |
| buffalotech | whr-hp-g54_firmware | 1.38 |
| buffalotech | wer-amg54_firmware | 1.11 |
| buffalotech | whr-am54g54_firmware | 1.42 |
| buffalotech | whr-hp-ampg_firmware | 1.32 |
| buffalotech | bbr-4hg_firmware | 1.31 |
| buffalotech | bbr-4hg_firmware | 1.10 |
| buffalotech | bbr-4hg_firmware | 1.32 |
| buffalotech | bbr-4hg_firmware | 1.02 |
| buffalotech | wer-amg54_firmware | 1.14 |
| buffalotech | whr-hp-g54_firmware | 1.42 |
| buffalotech | whr-g54s_firmware | 1.21 |
| buffalotech | whr-am54g54_firmware | 1.30 |
| buffalotech | bhr-4rv | * |
| buffalotech | bbr-4mg_firmware | 1.20 |
| buffalotech | whr-amg54_firmware | 1.42 |
| buffalotech | wer-a54g54_firmware | 1.01 |
| buffalotech | wer-ag54 | * |
| buffalotech | whr-hp-g | * |
| buffalotech | bhr-4rv_firmware | 2.32 |
| buffalotech | whr-am54g54_firmware | 1.40 |
| buffalotech | bbr-4mg | * |
| buffalotech | wer-a54g54_firmware | 1.12 |
| buffalotech | bhr-4rv_firmware | 2.46 |
| buffalotech | bbr-4hg | * |
| buffalotech | whr-ampg_firmware | 1.46 |
| buffalotech | wzr-g144n_firmware | 1.46 |
| buffalotech | bbr-4mg_firmware | 1.12 |
| buffalotech | wer-am54g54 | * |
| buffalotech | bbr-4mg_firmware | 1.33 |
| buffalotech | wer-a54g54_firmware | 1.00 |
| buffalotech | bhr-4rv_firmware | 2.42 |
| buffalotech | bbr-4hg_firmware | 1.04 |
| buffalotech | whr-am54g54_firmware | 1.38 |
| buffalotech | wzr-g144nh | * |
| buffalotech | wzr-ampg144nh_firmware | 1.47 |
| buffalotech | fs-g54 | * |
| buffalotech | bbr-4hg_firmware | 1.30 |
| buffalotech | whr-hp-g54_firmware | 1.40 |
| buffalotech | whr-ampg | * |
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | whr-300hp2_firmware | * |
| buffalotech | wex-300_firmware | * |
| buffalotech | wsr-600dhp_firmware | * |
| buffalotech | whr-600d_firmware | * |
| buffalotech | bhr-4grv2_firmware | * |
| buffalotech | wmr-300_firmware | * |
| buffalotech | whr-1166dhp_firmware | * |
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | airstation_extreme_n600_firmware | 2.13 |
| buffalotech | airstation_extreme_n600_firmware | 2.09 |
| buffalotech | airstation_extreme_n600 | * |
| buffalotech | airstation_extreme_n600_firmware | 2.16 |
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wmr-433_firmware | * |
| buffalotech | whr-300hp2_firmware | * |
| buffalotech | wex-300_firmware | * |
| buffalotech | whr-600d_firmware | * |
| buffalotech | bhr-4grv2_firmware | * |
| buffalotech | wmr-300_firmware | * |
| buffalotech | wsr-1166dhp_firmware | * |
| buffalotech | whr-1166dhp_firmware | * |
Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | whr-300hp2_firmware | 1.90 |
| buffalotech | whr-600d_firmware | 1.90 |
| buffalotech | whr-1166dhp_firmware | 1.90 |
| buffalotech | wmr-433_firmware | 1.01 |
| buffalotech | wmr-300_firmware | 1.90 |
| buffalotech | bhr-4grv2_firmware | 1.04 |
| buffalotech | wex-300_firmware | 1.90 |
| buffalotech | wsr-1166dhp_firmware | 1.01 |
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wnc01wh_firmware | * |
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged-in user to perform unintended operations via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wnc01wh_firmware | * |
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wnc01wh_firmware | * |
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allow authenticated attackers to bypass an access restriction to enable the debug option via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wnc01wh_firmware | * |
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wnc01wh_firmware | * |
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22
Products Affected
| Vendor | Product | Version |
|---|---|---|
| buffalotech | wnc01wh_firmware | * |