PT-2016-4592 · Buffalo · Wex-300+7

Masashi Sakai +1 · Published 2016-01-22 · Updated 2016-03-14 · CVE-2016-1134

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BUFFALO BHR-4GRV2 versions 1.04 and earlier
BUFFALO WEX-300 versions 1.90 and earlier
BUFFALO WHR-1166DHP versions 1.90 and earlier
BUFFALO WHR-300HP2 versions 1.90 and earlier
BUFFALO WHR-600D versions 1.90 and earlier
BUFFALO WMR-300 versions 1.90 and earlier
BUFFALO WMR-433 versions 1.01 and earlier
BUFFALO WSR-1166DHP versions 1.01 and earlier

Description

A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. This can be exploited by tricking a user into performing unintended actions on the web application.

Recommendations

For BUFFALO BHR-4GRV2 versions 1.04 and earlier, update to a version later than 1.04.
For BUFFALO WEX-300 versions 1.90 and earlier, update to a version later than 1.90.
For BUFFALO WHR-1166DHP versions 1.90 and earlier, update to a version later than 1.90.
For BUFFALO WHR-300HP2 versions 1.90 and earlier, update to a version later than 1.90.
For BUFFALO WHR-600D versions 1.90 and earlier, update to a version later than 1.90.
For BUFFALO WMR-300 versions 1.90 and earlier, update to a version later than 1.90.
For BUFFALO WMR-433 versions 1.01 and earlier, update to a version later than 1.01.
For BUFFALO WSR-1166DHP versions 1.01 and earlier, update to a version later than 1.01.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2016-1134

Affected Products

Bhr-4Grv2
Wex-300
Whr-1166Dhp
Whr-300Hp2
Whr-600D
Wmr-300
Wmr-433
Wsr-1166Dhp