JVNDB-2007-000875

AirStation series and BroadStation series vulnerable to cross-site request forgery

Overview

Buffalo's AirStation series and BroadStation series routers are vulnerable to cross-site request forgery.

Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


BUFFALO INC.
  • BHR-4RV firmware Ver.2.48 and earlier
  • WHR2-G54V firmware Ver.2.42 and earlier
  • WZR-RS-G54 firmware Ver.2.46 and earlier
  • WZR-RS-G54HP firmware Ver.2.43 and earlier

Impact

If an administrator of an affected product views a malicious website while logged into the web administration interface, an attacker could change the password or other settings.

Solution

Update the Software

Apply firmware upgrades for each product.

Vendor Information

BUFFALO INC.

References

  1. JVN: JVN#71872818

Revision History

  • [2008/05/21]
      Web page published