CVE-2011-1324

Severity: Unknown | EPSS: 0.47%

Last modified

CVE-2011-1324 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. EPSS estimates a 0.47% chance of exploitation in the next 30 days.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Metrics

EPSS Probability
0.47%

37.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor       Product               Versions  Update
Buffalotech  Bbr-4hg Firmware      1.02
Buffalotech  Bbr-4hg Firmware      1.04
Buffalotech  Bbr-4hg Firmware      1.10
Buffalotech  Bbr-4hg Firmware      1.11      Beta
Buffalotech  Bbr-4hg Firmware      1.12
Buffalotech  Bbr-4hg Firmware      1.20
Buffalotech  Bbr-4hg Firmware      1.30
Buffalotech  Bbr-4hg Firmware      1.31
Buffalotech  Bbr-4hg Firmware      1.32
Buffalotech  Bbr-4hg Firmware      1.33      Beta
Buffalotech  Bbr-4mg Firmware      1.00
Buffalotech  Bbr-4mg Firmware      1.01      Beta
Buffalotech  Bbr-4mg Firmware      1.03
Buffalotech  Bbr-4mg Firmware      1.04
Buffalotech  Bbr-4mg Firmware      1.10
Buffalotech  Bbr-4mg Firmware      1.11      Beta
Buffalotech  Bbr-4mg Firmware      1.12
Buffalotech  Bbr-4mg Firmware      1.20
Buffalotech  Bbr-4mg Firmware      1.30
Buffalotech  Bbr-4mg Firmware      1.31
Buffalotech  Bbr-4mg Firmware      1.32
Buffalotech  Bbr-4mg Firmware      1.33
Buffalotech  Bhr-4rv Firmware      2.31
Buffalotech  Bhr-4rv Firmware      2.32      Prebeta
Buffalotech  Bhr-4rv Firmware      2.33      Prebeta
Buffalotech  Bhr-4rv Firmware      2.42
Buffalotech  Bhr-4rv Firmware      2.46
Buffalotech  Bhr-4rv Firmware      2.48
Buffalotech  Fs-G54 Firmware       2.07
Buffalotech  Wer-A54g54 Firmware   1.00
Buffalotech  Wer-A54g54 Firmware   1.01      Beta
Buffalotech  Wer-A54g54 Firmware   1.02
Buffalotech  Wer-A54g54 Firmware   1.03
Buffalotech  Wer-A54g54 Firmware   1.10
Buffalotech  Wer-A54g54 Firmware   1.12
Buffalotech  Wer-A54g54 Firmware   1.13
Buffalotech  Wer-Ag54 Firmware     1.04
Buffalotech  Wer-Ag54 Firmware     1.12
Buffalotech  Wer-Am54g54 Firmware  1.11
Buffalotech  Wer-Am54g54 Firmware  1.12
Buffalotech  Wer-Am54g54 Firmware  1.13
Buffalotech  Wer-Am54g54 Firmware  1.14
Buffalotech  Wer-Amg54 Firmware    1.11
Buffalotech  Wer-Amg54 Firmware    1.12
Buffalotech  Wer-Amg54 Firmware    1.14
Buffalotech  Whr-Am54g54 Firmware  1.30
Buffalotech  Whr-Am54g54 Firmware  1.38
Buffalotech  Whr-Am54g54 Firmware  1.40
Buffalotech  Whr-Am54g54 Firmware  1.42
Buffalotech  Whr-Amg54 Firmware    1.31

Showing 50 of 102 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2011-1324?
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.
How severe is CVE-2011-1324?
Severity scoring for CVE-2011-1324 is pending analysis. The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.
How do I fix CVE-2011-1324?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST