PT-2016-4592 · Buffalo · Wex-300+7

Masashi Sakai

+1

·

Publicado

2016-01-22

·

Atualizado

2016-03-14

·

CVE-2016-1134

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions BUFFALO BHR-4GRV2 versions 1.04 and earlier BUFFALO WEX-300 versions 1.90 and earlier BUFFALO WHR-1166DHP versions 1.90 and earlier BUFFALO WHR-300HP2 versions 1.90 and earlier BUFFALO WHR-600D versions 1.90 and earlier BUFFALO WMR-300 versions 1.90 and earlier BUFFALO WMR-433 versions 1.01 and earlier BUFFALO WSR-1166DHP versions 1.01 and earlier
Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. This can be exploited by tricking a user into performing unintended actions on the web application.
Recommendations For BUFFALO BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04. For BUFFALO WEX-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-1166DHP versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-300HP2 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-600D versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-433 versions 1.01 and earlier, update to a version later than 1.01. For BUFFALO WSR-1166DHP versions 1.01 and earlier, update to a version later than 1.01.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2016-1134

Produtos afetados

Bhr-4Grv2
Wex-300
Whr-1166Dhp
Whr-300Hp2
Whr-600D
Wmr-300
Wmr-433
Wsr-1166Dhp