CWE-352

CVE-2011-1324: CSRF

First published: Mon May 09 2011

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Credit: vultures@jpcert.or.jp

Affected Software | Affected Version | How to fix
Buffalo BHR-4RV Firmware=2.46
Buffalo WHR-AMG54 Firmware=1.42
Buffalo Technology WER-AMG54=1.14
Buffalo Technology WER-AMG54=1.11
Buffalo Technology WER-AG54=1.12
Buffalo Technology WZR-APG144NH Firmware=1.47
Buffalo Technology WZR-AMPG300NH Firmware=1.48
Buffalo FS-G54 Firmware=2.07
Buffalo Technology WER-A54G54 Firmware=1.02
Buffalo Technology WER-A54G54 Firmware=1.12-beta
Buffalo Technology WZR-APG144NH Firmware=1.48-beta
Buffalo Technology WER-A54G54 Firmware=1.03
Buffalo WHR-AM54G54=1.40
Buffalo BBR-4MG
Buffalo BBR-4MG Firmware=1.33-beta
Buffalo BBR-4MG Firmware=1.20
Buffalo BBR-4HG Firmware=1.30-beta
Buffalo BBR-4MG Firmware=1.12
Buffalo Technology WER-A54G54 Firmware=1.00
Buffalo Technology WZR-AMPG300NH Firmware
Buffalo BBR-4MG Firmware=1.11-beta
Buffalo Technology WZR2-G300N Firmware=1.50-beta
Buffalo BHR-4RV Firmware=2.48
Buffalo BBR-4MG Firmware=1.31
Buffalo WHR-HP-G54
Buffalo Technology WZR-G144N Firmware=1.47
Buffalo WHR-HP-G54 Firmware=1.40
Buffalo Technology WHR-HP-G=1.46
Buffalo WHR-G54S Firmware=1.20
Buffalo BBR-4MG Firmware=1.01-beta
Buffalo WHR-AMG54 Firmware=1.40
Buffalo Technology WHR-AMPG Firmware=1.46
Buffalo Technology WZR-G144NH Firmware
Buffalo BBR-4MG Firmware=1.10
Buffalo BBR-4HG Firmware=1.11-beta
Buffalo WHR-G54S Firmware=1.40
Buffalo WHR-AMG54 Firmware=1.38
Buffalo BBR-4HG Firmware=1.02
Buffalo WHR-HP-G54 Firmware=1.21
Buffalo Technology WHR-AMPG
Buffalo BHR-4RV Firmware=2.31
Buffalo BBR-4MG Firmware=1.32
Buffalo WHR-AM54G54=1.42
Buffalo WHR-AMG54 Firmware
Buffalo Technology WHR-HP-AMPG=1.32
Buffalo WHR-G54S Firmware=1.38
Buffalo BBR-4MG Firmware=1.00
Buffalo Technology WZR-G144N Firmware=1.47-beta
Buffalo Technology WZR-G144NH Firmware=1.47
Buffalo BBR-4MG Firmware=1.30-beta
Buffalo Tech WER-AM54G54 Firmware=1.13
Buffalo BBR-4HG Firmware=1.10-beta
Buffalo Technology WER-A54G54
Buffalo BHR-4RV Firmware=2.42
Buffalo Technology WZR-G144NH Firmware=1.48
Buffalo WHR-G54S Firmware=1.23
Buffalo BBR-4MG Firmware=1.10-beta
Buffalo BBR-4HG Firmware=1.33-beta
Buffalo Technology WER-AG54
Buffalo WHR-G54S Firmware
Buffalo Technology WZR2-G300N Firmware
Buffalo Technology WZR-G144NH Firmware=1.45
Buffalo WHR-HP-G54 Firmware=1.42
Buffalo BBR-4HG Firmware=1.31
Buffalo Tech WER-AM54G54 Firmware=1.14
Buffalo BHR-4RV Firmware=2.33-prebeta
Buffalo WHR-AM54G54
Buffalo WHR-HP-G54 Firmware=1.23
Buffalo Technology WHR-G Firmware=1.46
Buffalo Tech FS-G54
Buffalo BBR-4HG Firmware=1.10
Buffalo WHR-HP-G54 Firmware=1.38
Buffalo Technology WER-AG54=1.12-beta
Buffalo Technology WZR2-G300N Firmware=1.48
Buffalo BBR-4HG Firmware=1.20-beta
Buffalo BBR-4MG Firmware=1.32-beta
Buffalo Technology WZR-G144N Firmware
Buffalo Tech WER-AM54G54 Firmware
Buffalo Tech WER-AM54G54 Firmware=1.11
Buffalo WHR-G54S Firmware=1.21
Buffalo Technology WER-A54G54 Firmware=1.10
Buffalo BBR-4MG Firmware=1.03
Buffalo WHR-HP-G54 Firmware=1.20
Buffalo BBR-4MG Firmware=1.04-beta
Buffalo WHR-G54S Firmware=1.42
Buffalo BHR-4RV
Buffalo BBR-4MG Firmware=1.20-beta
Buffalo Technology WZR-G144NH Firmware=1.47-beta
Buffalo Technology WZR-G144N Firmware=1.45
Buffalo BBR-4HG Firmware=1.04
Buffalo BBR-4MG Firmware=1.30
Buffalo WHR-AM54G54=1.38
Buffalo BBR-4HG Firmware=1.20
Buffalo BBR-4MG Firmware=1.04
Buffalo Technology WER-A54G54 Firmware=1.13
Buffalo Tech WER-AM54G54 Firmware=1.12-beta
Buffalo Technology WER-A54G54 Firmware=1.01-beta
Buffalo Technology WHR-HP-G
Buffalo BBR-4HG Firmware=1.30
Buffalo Technology WHR-HP-AMPG
Buffalo Technology WER-AG54=1.04
buffalotech wer-amg54 firmware
Buffalo WHR-AM54G54=1.30
Buffalo Technology WER-A54G54 Firmware=1.12
Buffalo BBR-4HG Firmware=1.04-beta
Buffalo BHR-4RV Firmware=2.32-prebeta
Buffalo BBR-4MG Firmware=1.33
Buffalo Tech WER-AM54G54 Firmware=1.12
Buffalo Technology WER-AMG54=1.12
Buffalo Technology WZR-APG144NH Firmware
Buffalo Technology AS-100
Buffalo WHR-AMG54 Firmware=1.31
Buffalo BBR-4HG Firmware=1.32
Buffalo BBR-4HG Firmware
Buffalo Technology WZR-G144N Firmware=1.46-beta
Buffalo Technology WHR-G Firmware
Buffalo BBR-4HG Firmware=1.32-beta
Buffalo BBR-4HG Firmware=1.12


Frequently Asked Questions

  • What is the severity of CVE-2011-1324?

    CVE-2011-1324 is classified as a moderate severity vulnerability due to its potential to allow unauthorized access to the router's management capabilities.

  • How do I fix CVE-2011-1324?

    To mitigate CVE-2011-1324, update your router firmware to the latest version provided by Buffalo Technology.

  • What devices are affected by CVE-2011-1324?

    CVE-2011-1324 affects multiple Buffalo routers including WHR, WZR, BBR, and AS-100, specifically those with firmware versions 1.x and 2.x.

  • What type of attack does CVE-2011-1324 facilitate?

    CVE-2011-1324 allows attackers to perform cross-site request forgery (CSRF) attacks, potentially enabling them to hijack the authentication of administrators.

  • Is there a workaround for CVE-2011-1324?

    While firmware updates are the primary recommendation, minimizing exposure of the management interface to the internet may serve as a temporary workaround.
