CVE-2007-4822

Name of the Vulnerable Software and Affected Versions: Buffalo AirStation WHR-G54S version 1.20

Description: A cross-site request forgery (CSRF) issue exists in the device management interface, allowing remote attackers to make configuration changes as an administrator. This can be achieved via HTTP requests to certain HTML pages, specifically by accessing pages such as "ap.html" and "filter ip.html" with an "inp req" parameter to "cgi-bin/cgi".

Recommendations: For Buffalo AirStation WHR-G54S version 1.20, consider disabling access to the device management interface until a patch is available. Restrict access to the "cgi-bin/cgi" endpoint to minimize the risk of exploitation. Avoid using the "res" parameter in HTTP requests to certain HTML pages until the issue is resolved.