History: Sep 11, 2007 - 7:17 p.m.

CVE-2007-4822

2007-09-11 19:17:00
CWE-352
web.nvd.nist.gov
24
cve-2007-4822
csrf
vulnerability
buffalo airstation
whr-g54s
device management
security
nvd

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.009 Low (Percentile: 83.2%)

Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.

Affected configurations

NVD
Node
buffalotech airstation_whr-g54s, Match 1.20 firmware
Node
oracle database_server, Match 9.2.0.8 r2
OR
oracle database_server, Match 9.2.0.8 dvr2
