Masashi Sakai

**Name of the Vulnerable Software and Affected Versions** WL-330NUL Firmware versions prior to 3.0.0.46 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators via unspecified vectors. **Recommendations** For versions prior to 3.0.0.46, update to version 3.0.0.46 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BUFFALO BHR-4GRV2 versions 1.04 and earlier BUFFALO WEX-300 versions 1.90 and earlier BUFFALO WHR-1166DHP versions 1.90 and earlier BUFFALO WHR-300HP2 versions 1.90 and earlier BUFFALO WHR-600D versions 1.90 and earlier BUFFALO WMR-300 versions 1.90 and earlier BUFFALO WMR-433 versions 1.01 and earlier BUFFALO WSR-1166DHP versions 1.01 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. This can be exploited by tricking a user into performing unintended actions on the web application. **Recommendations** For BUFFALO BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04. For BUFFALO WEX-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-1166DHP versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-300HP2 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WHR-600D versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-300 versions 1.90 and earlier, update to a version later than 1.90. For BUFFALO WMR-433 versions 1.01 and earlier, update to a version later than 1.01. For BUFFALO WSR-1166DHP versions 1.01 and earlier, update to a version later than 1.01.

**Name of the Vulnerable Software and Affected Versions** Buffalo WHR-1166DHP versions 1.60 and earlier Buffalo WSR-600DHP versions 1.60 and earlier Buffalo WHR-600D versions 1.60 and earlier Buffalo WHR-300HP2 versions 1.60 and earlier Buffalo WMR-300 versions 1.60 and earlier Buffalo WEX-300 versions 1.60 and earlier Buffalo BHR-4GRV2 versions 1.04 and earlier **Description** The issue allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. **Recommendations** For Buffalo WHR-1166DHP versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WSR-600DHP versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WHR-600D versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WHR-300HP2 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WMR-300 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo WEX-300 versions 1.60 and earlier, update to a version later than 1.60. For Buffalo BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04.

**Name of the Vulnerable Software and Affected Versions** SoftBank Wi-Fi Spot Configuration Software versions prior to 1.7.1 SoftBank Windows Mobile smartphones with the WISPrClient application versions prior to 1.3.1 **Description** The issue allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network, due to the software's failure to properly connect to access points. **Recommendations** For SoftBank Wi-Fi Spot Configuration Software versions prior to 1.7.1, update to version 1.7.1 or later. For SoftBank Windows Mobile smartphones with the WISPrClient application versions prior to 1.3.1, update to version 1.3.1 or later.