CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 2CVE-2007-4822
https://notcve.org/view.php?id=CVE-2007-4822
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el interfaz de administración de Buffalo AirStation WHR-G54S 1.20 permite a atacantes remotos realizar cambios de configuración como administradores mediante peticiones HTTP a determinadas páginas HTML en el parámetro res con un parámetro inp en la petición a cgi-bin/cgi, como se ha demostrado accediendo a (1)ap.html y (2) filter_ip.html. • http://osvdb.org/37665 http://secunia.com/advisories/26712 http://securityreason.com/securityalert/3117 http://www.louhi.fi/advisory/buffalo_070907.txt http://www.securityfocus.com/archive/1/478795/100/0/threaded http://www.securityfocus.com/archive/1/478801/100/0/threaded http://www.securityfocus.com/bid/25588 https://exchange.xforce.ibmcloud.com/vulnerabilities/36492 • CWE-352: Cross-Site Request Forgery (CSRF) •