CVE-2011-1324

Name of the Vulnerable Software and Affected Versions Buffalo WHR, WZR2, WZR, WER, and BBR series routers versions 1.x Buffalo BHR-4RV and FS-G54 routers versions 2.x Buffalo AS-100 routers (affected versions not specified)

Description The issue allows remote attackers to hijack the authentication of administrators for requests that modify settings, such as changing the login password, due to multiple cross-site request forgery (CSRF) vulnerabilities in the management screen.

Recommendations For Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x: update the firmware to a version that addresses the CSRF vulnerabilities. For Buffalo BHR-4RV and FS-G54 routers with firmware 2.x: update the firmware to a version that addresses the CSRF vulnerabilities. For Buffalo AS-100 routers: At the moment, there is no information about a newer version that contains a fix for this vulnerability.