CVE-2016-1134

Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CSRF
Severity
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
buffalotechwhr-1166dhp_firmware
𝑥
≤ 1.90
buffalotechwhr-300hp2_firmware
𝑥
≤ 1.90
buffalotechwmr-300_firmware
𝑥
≤ 1.90
buffalotechbhr-4grv2_firmware
𝑥
≤ 1.04
buffalotechwex-300_firmware
𝑥
≤ 1.90
buffalotechwhr-600d_firmware
𝑥
≤ 1.90
buffalotechwmr-433_firmware
𝑥
≤ 1.01
buffalotechwsr-1166dhp_firmware
𝑥
≤ 1.01
𝑥
= Vulnerable software versions