cvelistv5 - cve-2007-4822

cve-2007-4822

Vulnerability from cvelistv5

Published

2007-09-11 19:00

Modified

2024-08-07 15:08

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/37665
cve@mitre.org	http://secunia.com/advisories/26712
cve@mitre.org	http://securityreason.com/securityalert/3117
cve@mitre.org	http://www.louhi.fi/advisory/buffalo_070907.txt	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/478795/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/478801/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25588	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36492
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37665
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26712
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3117
af854a3a-2127-422b-91ae-364da2661108	http://www.louhi.fi/advisory/buffalo_070907.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/478795/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/478801/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25588	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36492

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
          },
          {
            "name": "20070907 Re: Buffalo AirStation WHR-G54S CSRF vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
          },
          {
            "name": "37665",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37665"
          },
          {
            "name": "20070907 Buffalo AirStation WHR-G54S CSRF vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
          },
          {
            "name": "buffalo-aoss-management-csrf(36492)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
          },
          {
            "name": "26712",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26712"
          },
          {
            "name": "25588",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25588"
          },
          {
            "name": "3117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
        },
        {
          "name": "20070907 Re: Buffalo AirStation WHR-G54S CSRF vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
        },
        {
          "name": "37665",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37665"
        },
        {
          "name": "20070907 Buffalo AirStation WHR-G54S CSRF vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
        },
        {
          "name": "buffalo-aoss-management-csrf(36492)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
        },
        {
          "name": "26712",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26712"
        },
        {
          "name": "25588",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25588"
        },
        {
          "name": "3117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3117"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4822",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.louhi.fi/advisory/buffalo_070907.txt",
              "refsource": "MISC",
              "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
            },
            {
              "name": "20070907 Re: Buffalo AirStation WHR-G54S CSRF vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
            },
            {
              "name": "37665",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37665"
            },
            {
              "name": "20070907 Buffalo AirStation WHR-G54S CSRF vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
            },
            {
              "name": "buffalo-aoss-management-csrf(36492)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
            },
            {
              "name": "26712",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26712"
            },
            {
              "name": "25588",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25588"
            },
            {
              "name": "3117",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3117"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4822",
    "datePublished": "2007-09-11T19:00:00",
    "dateReserved": "2007-09-11T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:buffalotech:airstation_whr-g54s:1.20:firmware:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0432ABE-2269-4E15-ACF9-1F20E51DFA15\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2E404AB-7F54-48D5-BFA5-8D08BB3FC6C7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"04E72F3A-E839-4CFF-9CB7-1E1FC6F8C8E9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de falsificaci\\u00f3n de petici\\u00f3n en sitios cruzados (CSRF) en el interfaz de administraci\\u00f3n de Buffalo AirStation WHR-G54S 1.20 permite a atacantes remotos realizar cambios de configuraci\\u00f3n como administradores mediante peticiones HTTP a determinadas p\\u00e1ginas HTML en el par\\u00e1metro res con un par\\u00e1metro inp en la petici\\u00f3n a cgi-bin/cgi, como se ha demostrado accediendo a (1)ap.html y (2) filter_ip.html.\"}]",
      "id": "CVE-2007-4822",
      "lastModified": "2024-11-21T00:36:31.880",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-09-11T19:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37665\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26712\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3117\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.louhi.fi/advisory/buffalo_070907.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/478795/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/478801/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25588\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36492\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37665\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26712\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.louhi.fi/advisory/buffalo_070907.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/478795/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/478801/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25588\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36492\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4822\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-09-11T19:17:00.000\",\"lastModified\":\"2024-11-21T00:36:31.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el interfaz de administraci\u00f3n de Buffalo AirStation WHR-G54S 1.20 permite a atacantes remotos realizar cambios de configuraci\u00f3n como administradores mediante peticiones HTTP a determinadas p\u00e1ginas HTML en el par\u00e1metro res con un par\u00e1metro inp en la petici\u00f3n a cgi-bin/cgi, como se ha demostrado accediendo a (1)ap.html y (2) filter_ip.html.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:buffalotech:airstation_whr-g54s:1.20:firmware:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0432ABE-2269-4E15-ACF9-1F20E51DFA15\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2E404AB-7F54-48D5-BFA5-8D08BB3FC6C7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"04E72F3A-E839-4CFF-9CB7-1E1FC6F8C8E9\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37665\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26712\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3117\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.louhi.fi/advisory/buffalo_070907.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/478795/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/478801/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25588\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36492\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.louhi.fi/advisory/buffalo_070907.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/478795/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/478801/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2007-4822

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-4822

Aliases

CVE-2007-4822

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4822",
    "description": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.",
    "id": "GSD-2007-4822"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4822"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.",
      "id": "GSD-2007-4822",
      "modified": "2023-12-13T01:21:36.216011Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.louhi.fi/advisory/buffalo_070907.txt",
            "refsource": "MISC",
            "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
          },
          {
            "name": "20070907 Re: Buffalo AirStation WHR-G54S CSRF vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
          },
          {
            "name": "37665",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37665"
          },
          {
            "name": "20070907 Buffalo AirStation WHR-G54S CSRF vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
          },
          {
            "name": "buffalo-aoss-management-csrf(36492)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
          },
          {
            "name": "26712",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26712"
          },
          {
            "name": "25588",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25588"
          },
          {
            "name": "3117",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3117"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:buffalotech:airstation_whr-g54s:1.20:firmware:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4822"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.louhi.fi/advisory/buffalo_070907.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
            },
            {
              "name": "25588",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/25588"
            },
            {
              "name": "26712",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26712"
            },
            {
              "name": "3117",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3117"
            },
            {
              "name": "37665",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37665"
            },
            {
              "name": "buffalo-aoss-management-csrf(36492)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
            },
            {
              "name": "20070907 Re: Buffalo AirStation WHR-G54S CSRF vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
            },
            {
              "name": "20070907 Buffalo AirStation WHR-G54S CSRF vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:38Z",
      "publishedDate": "2007-09-11T19:17Z"
    }
  }
}

ghsa-3443-q38f-fwmh

Vulnerability from github

Published

2022-05-01 18:27

Modified

2022-05-01 18:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-09-11T19:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.",
  "id": "GHSA-3443-q38f-fwmh",
  "modified": "2022-05-01T18:27:38Z",
  "published": "2022-05-01T18:27:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4822"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37665"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26712"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3117"
    },
    {
      "type": "WEB",
      "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25588"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. Buffalo AirStation WHR-G54S is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's cookie credentials to perform actions with the application. This issue affects Buffalo AirStation WHR-G54S 1.20; other versions may also be affected. For example visit (1) ap.html and (2) filter_ip.html.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Buffalo AirStation WHR-G54S Cross-Site Request Forgery

SECUNIA ADVISORY ID: SA26712

VERIFY ADVISORY: http://secunia.com/advisories/26712/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE:

From remote

OPERATING SYSTEM: Buffalo AirStation WHR-G54S http://secunia.com/product/15671/

DESCRIPTION: Henri Lindberg has reported a vulnerability in Buffalo AirStation WHR-G54S, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The management interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to perform certain actions when a logged in administrator is tricked into visiting a malicious website.

The vulnerability is reported in WHR-G54S version 1.20.

SOLUTION: Do not browse untrusted sites while being logged in to the administrative section of the device.

PROVIDED AND/OR DISCOVERED BY: Henri Lindberg

ORIGINAL ADVISORY: http://www.louhi.fi/advisory/buffalo_070907.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0221",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "airstation whr-g54s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "buffalotech",
        "version": "1.20"
      },
      {
        "model": "airstation whr-g54s",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "buffalo",
        "version": "1.20"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.0.8dv"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "technology airstation whr-g54s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "buffalo",
        "version": "1.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:buffalotech:airstation_whr-g54s:1.20:firmware:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Henri Lindberg is credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "25588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-4822",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-4822",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-28184",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-4822",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200709-121",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28184",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. Buffalo AirStation WHR-G54S is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to use a victim\u0027s cookie credentials to perform actions with the application. \nThis issue affects Buffalo AirStation WHR-G54S 1.20; other versions may also be affected. For example visit (1) ap.html and (2) filter_ip.html. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nBuffalo AirStation WHR-G54S Cross-Site Request Forgery\n\nSECUNIA ADVISORY ID:\nSA26712\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26712/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nBuffalo AirStation WHR-G54S\nhttp://secunia.com/product/15671/\n\nDESCRIPTION:\nHenri Lindberg has reported a vulnerability in Buffalo AirStation\nWHR-G54S, which can be exploited by malicious people to conduct\ncross-site request forgery attacks. \n\nThe management interface allows users to perform certain actions via\nHTTP requests without performing any validity checks to verify the\nrequest. This can be exploited to perform certain actions when a\nlogged in administrator is tricked into visiting a malicious\nwebsite. \n\nThe vulnerability is reported in WHR-G54S version 1.20. \n\nSOLUTION:\nDo not browse untrusted sites while being logged in to the\nadministrative section of the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nHenri Lindberg\n\nORIGINAL ADVISORY:\nhttp://www.louhi.fi/advisory/buffalo_070907.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "db": "BID",
        "id": "25588"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "db": "PACKETSTORM",
        "id": "59227"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4822",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "25588",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26712",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "37665",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "3117",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20070907 RE: BUFFALO AIRSTATION WHR-G54S CSRF VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070907 BUFFALO AIRSTATION WHR-G54S CSRF VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "36492",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28184",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59227",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "db": "BID",
        "id": "25588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "db": "PACKETSTORM",
        "id": "59227"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ]
  },
  "id": "VAR-200709-0221",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28184"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:32:14.154000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.buffalotech.com/select-your-region"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25588"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37665"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26712"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3117"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4822"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4822"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/36492"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/478801/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/478795/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.buffalotech.com/home/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15671/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26712/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "db": "BID",
        "id": "25588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "db": "PACKETSTORM",
        "id": "59227"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "db": "BID",
        "id": "25588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "db": "PACKETSTORM",
        "id": "59227"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-09-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "date": "2007-09-07T00:00:00",
        "db": "BID",
        "id": "25588"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "date": "2007-09-11T22:19:30",
        "db": "PACKETSTORM",
        "id": "59227"
      },
      {
        "date": "2007-09-11T19:17:00",
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "date": "2007-09-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28184"
      },
      {
        "date": "2015-04-16T18:09:00",
        "db": "BID",
        "id": "25588"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002621"
      },
      {
        "date": "2018-10-15T21:38:18.110000",
        "db": "NVD",
        "id": "CVE-2007-4822"
      },
      {
        "date": "2007-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffalo AirStation WHR-G54S Web Management Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "25588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-121"
      }
    ],
    "trust": 0.6
  }
}

cve-2007-4822

Vulnerability from fkie_nvd

Published

2007-09-11 19:17

Modified

2024-11-21 00:36

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/37665
cve@mitre.org	http://secunia.com/advisories/26712
cve@mitre.org	http://securityreason.com/securityalert/3117
cve@mitre.org	http://www.louhi.fi/advisory/buffalo_070907.txt	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/478795/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/478801/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25588	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36492
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37665
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26712
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3117
af854a3a-2127-422b-91ae-364da2661108	http://www.louhi.fi/advisory/buffalo_070907.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/478795/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/478801/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25588	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36492

Impacted products

Vendor	Product	Version
buffalotech	airstation_whr-g54s	1.20
oracle	database_server	9.2.0.8
oracle	database_server	9.2.0.8dv

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:buffalotech:airstation_whr-g54s:1.20:firmware:*:*:*:*:*:*",
              "matchCriteriaId": "C0432ABE-2269-4E15-ACF9-1F20E51DFA15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*",
              "matchCriteriaId": "B2E404AB-7F54-48D5-BFA5-8D08BB3FC6C7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*",
              "matchCriteriaId": "04E72F3A-E839-4CFF-9CB7-1E1FC6F8C8E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el interfaz de administraci\u00f3n de Buffalo AirStation WHR-G54S 1.20 permite a atacantes remotos realizar cambios de configuraci\u00f3n como administradores mediante peticiones HTTP a determinadas p\u00e1ginas HTML en el par\u00e1metro res con un par\u00e1metro inp en la petici\u00f3n a cgi-bin/cgi, como se ha demostrado accediendo a (1)ap.html y (2) filter_ip.html."
    }
  ],
  "id": "CVE-2007-4822",
  "lastModified": "2024-11-21T00:36:31.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-09-11T19:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37665"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26712"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3117"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25588"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.louhi.fi/advisory/buffalo_070907.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/478795/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/478801/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36492"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2007-4822

Vulnerability from cvelistv5

gsd-2007-4822

Vulnerability from gsd

ghsa-3443-q38f-fwmh

Vulnerability from github

var-200709-0221

Vulnerability from variot

cve-2007-4822

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature