4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
83.2%
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.
CPE | Name | Operator | Version |
---|---|---|---|
buffalotech:airstation_whr-g54s | buffalotech airstation whr-g54s | eq | 1.20 |
osvdb.org/37665
secunia.com/advisories/26712
securityreason.com/securityalert/3117
www.louhi.fi/advisory/buffalo_070907.txt
www.securityfocus.com/archive/1/478795/100/0/threaded
www.securityfocus.com/archive/1/478801/100/0/threaded
www.securityfocus.com/bid/25588
exchange.xforce.ibmcloud.com/vulnerabilities/36492