ID

VAR-200709-0221


CVE

CVE-2007-4822


TITLE

Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability

Trust: 0.9

sources: BID: 25588 // CNNVD: CNNVD-200709-121

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to cgi-bin/cgi whose res parameter names a configuration page and whose req parameter is inp, as demonstrated with (1) ap.html and (2) filter_ip.html.

Buffalo AirStation WHR-G54S is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's cookie credentials to perform actions with the application, for example by having the victim's browser request (1) ap.html or (2) filter_ip.html through cgi-bin/cgi. This issue affects Buffalo AirStation WHR-G54S 1.20; other versions may also be affected.

TITLE: Buffalo AirStation WHR-G54S Cross-Site Request Forgery
SECUNIA ADVISORY ID: SA26712
VERIFY ADVISORY: http://secunia.com/advisories/26712/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE: From remote
OPERATING SYSTEM: Buffalo AirStation WHR-G54S http://secunia.com/product/15671/

DESCRIPTION: Henri Lindberg has reported a vulnerability in Buffalo AirStation WHR-G54S, which can be exploited by malicious people to conduct cross-site request forgery attacks. The management interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to perform certain actions when a logged-in administrator is tricked into visiting a malicious website. The vulnerability is reported in WHR-G54S version 1.20.

SOLUTION: Do not browse untrusted sites while being logged in to the administrative section of the device.

PROVIDED AND/OR DISCOVERED BY: Henri Lindberg

ORIGINAL ADVISORY: http://www.louhi.fi/advisory/buffalo_070907.txt
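The advisories above describe the root cause (the handler behind cgi-bin/cgi accepts a state-changing res=<page>.html&req=inp request on the strength of the administrator's session cookie alone, which the browser also attaches to requests a third-party page triggers) but not what a fix looks like. The following is an added example written for this entry, not Buffalo firmware code: a Python stand-in for that handler with the cookie-only check next to a hardened check that requires POST, a same-origin Origin/Referer header and a per-session token. The device address 192.168.11.1, the cookie name session, the field name csrf_token and the two request builders are assumptions made for the demonstration; only cgi-bin/cgi, res, req=inp and the page names come from the advisory, and the actual configuration fields submitted with the page are omitted because the advisory does not list them.

```python
"""Added example, not Buffalo firmware code: a stand-in for the device's
cgi-bin/cgi handler that models the cookie-only authorisation the advisory
describes (res=<page>.html with req=inp) next to a hardened version.
DEVICE_HOST, the session/csrf_token names and the request builders are
assumptions made for the demonstration; only res, req, ap.html,
filter_ip.html and cgi-bin/cgi come from the advisory."""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

DEVICE_HOST = "192.168.11.1"   # assumed LAN address of the router
STATE_CHANGING_REQ = "inp"     # the req value the advisory names


def parse_http(raw: str) -> dict:
    """Parse a minimal HTTP/1.1 request into method, path, params, headers."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        params.update({k: v[0] for k, v in parse_qs(body).items()})
    return {"method": method, "path": url.path, "params": params, "headers": headers}


def new_session(sessions: dict) -> tuple:
    """Log an administrator in: random session id plus a per-session CSRF token."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    sessions[sid] = {"csrf_token": token}
    return sid, token


def session_from_cookie(req: dict, sessions: dict):
    """Return the session the request's cookie names, or None."""
    for part in req["headers"].get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session" and value in sessions:
            return sessions[value]
    return None


def vulnerable_is_authorized(req: dict, sessions: dict) -> bool:
    """Behaviour the advisory describes: a valid session cookie is the only
    check, and browsers attach that cookie to cross-site requests as well."""
    return session_from_cookie(req, sessions) is not None


def hardened_is_authorized(req: dict, sessions: dict) -> bool:
    """Same cookie check, plus: state changes only via POST, only from the
    device's own origin, and only with the session's CSRF token."""
    sess = session_from_cookie(req, sessions)
    if sess is None:
        return False
    if req["params"].get("req") != STATE_CHANGING_REQ:
        return True                       # plain page view, nothing to forge
    if req["method"] != "POST":
        return False                      # no state change through a GET/link/img
    source = req["headers"].get("origin") or req["headers"].get("referer")
    if not source or urlsplit(source).hostname != DEVICE_HOST:
        return False                      # missing or foreign origin: fail closed
    return hmac.compare_digest(req["params"].get("csrf_token", ""), sess["csrf_token"])


def forged_request(sid: str) -> str:
    """Constructed: a form auto-submitted from an attacker's page, with the
    admin's browser attaching the device cookie."""
    body = "res=ap.html&req=inp"
    return ("POST /cgi-bin/cgi HTTP/1.1\r\nHost: %s\r\nOrigin: http://attacker.example\r\n"
            "Cookie: session=%s\r\nContent-Type: application/x-www-form-urlencoded\r\n"
            "Content-Length: %d\r\n\r\n%s" % (DEVICE_HOST, sid, len(body), body))


def legit_request(sid: str, token: str) -> str:
    """Constructed: the same change submitted from the device's own page."""
    body = "res=ap.html&req=inp&csrf_token=%s" % token
    return ("POST /cgi-bin/cgi HTTP/1.1\r\nHost: %s\r\nOrigin: http://%s\r\n"
            "Cookie: session=%s\r\nContent-Type: application/x-www-form-urlencoded\r\n"
            "Content-Length: %d\r\n\r\n%s" % (DEVICE_HOST, DEVICE_HOST, sid, len(body), body))


if __name__ == "__main__":
    sessions = {}
    sid, token = new_session(sessions)
    for label, raw in (("forged", forged_request(sid)), ("legit", legit_request(sid, token))):
        req = parse_http(raw)
        print(label, "vulnerable:", vulnerable_is_authorized(req, sessions),
              "hardened:", hardened_is_authorized(req, sessions))
```

The forged request passes the cookie-only check and is refused by the hardened one on the Origin test before the token is even compared; a GET with res=filter_ip.html&req=inp in the query string, the shape an image tag or link would produce, is refused by the method test. The token comparison uses hmac.compare_digest so that a wrong token is rejected in constant time. The Secunia workaround (do not browse untrusted sites while logged in) only removes the attacker's trigger; the check above removes the bug.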

Trust: 2.07

sources: NVD: CVE-2007-4822 // JVNDB: JVNDB-2007-002621 // BID: 25588 // VULHUB: VHN-28184 // PACKETSTORM: 59227

AFFECTED PRODUCTS

vendor:buffalotechmodel:airstation whr-g54sscope:eqversion:1.20

Trust: 1.0

vendor:buffalomodel:airstation whr-g54sscope:eqversion:1.20

Trust: 0.8

vendor:oraclemodel:database serverscope:eqversion:9.2.0.8dv

Trust: 0.6

vendor:oraclemodel:database serverscope:eqversion:9.2.0.8

Trust: 0.6

vendor:buffalomodel:technology airstation whr-g54sscope:eqversion:1.2

Trust: 0.3

sources: BID: 25588 // JVNDB: JVNDB-2007-002621 // CNNVD: CNNVD-200709-121 // NVD: CVE-2007-4822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4822
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-4822
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200709-121
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28184
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-4822
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28184
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28184 // JVNDB: JVNDB-2007-002621 // CNNVD: CNNVD-200709-121 // NVD: CVE-2007-4822

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-28184 // JVNDB: JVNDB-2007-002621 // NVD: CVE-2007-4822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-121

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-200709-121

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002621

PATCH

title:Top Pageurl:http://www.buffalotech.com/select-your-region

Trust: 0.8

sources: JVNDB: JVNDB-2007-002621

EXTERNAL IDS

db:NVDid:CVE-2007-4822

Trust: 2.8

db:BIDid:25588

Trust: 2.0

db:SECUNIAid:26712

Trust: 1.8

db:OSVDBid:37665

Trust: 1.7

db:SREASONid:3117

Trust: 1.7

db:JVNDBid:JVNDB-2007-002621

Trust: 0.8

db:BUGTRAQid:20070907 RE: BUFFALO AIRSTATION WHR-G54S CSRF VULNERABILITY

Trust: 0.6

db:BUGTRAQid:20070907 BUFFALO AIRSTATION WHR-G54S CSRF VULNERABILITY

Trust: 0.6

db:XFid:36492

Trust: 0.6

db:CNNVDid:CNNVD-200709-121

Trust: 0.6

db:VULHUBid:VHN-28184

Trust: 0.1

db:PACKETSTORMid:59227

Trust: 0.1

sources: VULHUB: VHN-28184 // BID: 25588 // JVNDB: JVNDB-2007-002621 // PACKETSTORM: 59227 // CNNVD: CNNVD-200709-121 // NVD: CVE-2007-4822

REFERENCES

url:http://www.louhi.fi/advisory/buffalo_070907.txt

Trust: 2.1

url:http://www.securityfocus.com/bid/25588

Trust: 1.7

url:http://osvdb.org/37665

Trust: 1.7

url:http://secunia.com/advisories/26712

Trust: 1.7

url:http://securityreason.com/securityalert/3117

Trust: 1.7

url:http://www.securityfocus.com/archive/1/478795/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/478801/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/36492

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4822

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4822

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/36492

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/478801/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/478795/100/0/threaded

Trust: 0.6

url:http://www.buffalotech.com/home/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/15671/

Trust: 0.1

url:http://secunia.com/advisories/26712/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-28184 // BID: 25588 // JVNDB: JVNDB-2007-002621 // PACKETSTORM: 59227 // CNNVD: CNNVD-200709-121 // NVD: CVE-2007-4822

CREDITS

Henri Lindberg is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 25588 // CNNVD: CNNVD-200709-121

SOURCES

db:VULHUBid:VHN-28184
db:BIDid:25588
db:JVNDBid:JVNDB-2007-002621
db:PACKETSTORMid:59227
db:CNNVDid:CNNVD-200709-121
db:NVDid:CVE-2007-4822

LAST UPDATE DATE

2024-11-23T21:57:04.610000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-28184date:2018-10-15T00:00:00
db:BIDid:25588date:2015-04-16T18:09:00
db:JVNDBid:JVNDB-2007-002621date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200709-121date:2007-10-26T00:00:00
db:NVDid:CVE-2007-4822date:2024-11-21T00:36:31.880

SOURCES RELEASE DATE

db:VULHUBid:VHN-28184date:2007-09-11T00:00:00
db:BIDid:25588date:2007-09-07T00:00:00
db:JVNDBid:JVNDB-2007-002621date:2012-06-26T00:00:00
db:PACKETSTORMid:59227date:2007-09-11T22:19:30
db:CNNVDid:CNNVD-200709-121date:2007-09-11T00:00:00
db:NVDid:CVE-2007-4822date:2007-09-11T19:17:00