Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability

Bugtraq ID:	25588
Class:	Origin Validation Error
CVE:	CVE-2007-4822
Remote:	Yes
Local:	No
Published:	Sep 07 2007 12:00AM
Updated:	Apr 16 2015 06:09PM
Credit:	Henri Lindberg is credited with the discovery of this vulnerability.
Vulnerable:	Buffalo Technology Airstation WHR-G54S 1.2
Not Vulnerable:

Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability

Buffalo AirStation WHR-G54S is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to use a victim's cookie credentials to perform actions with the application.

This issue affects Buffalo AirStation WHR-G54S 1.20; other versions may also be affected.

Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to access a maliciously crafted HTML document.

• /data/vulnerabilities/exploits/25588.html

Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability

References:

• Buffalo AirStation WHR-G54S (Buffalo)
  
• Buffalo AirStation WHR-G54S Web Management CSRF (Henri Lindberg)