High severity8.8NVD Advisory· Published Jan 22, 2016· Updated May 6, 2026

CVE-2016-1134

Description

Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.

Affected products

Buffalotech/Whr 1166dhp Firmware
cpe:2.3:o:buffalotech:whr-1166dhp_firmware:*:*:*:*:*:*:*:*
Range: <=1.90
Buffalotech/Whr 300hp2 Firmware
cpe:2.3:o:buffalotech:whr-300hp2_firmware:*:*:*:*:*:*:*:*
Range: <=1.90
Buffalotech/Wmr 300 Firmware
cpe:2.3:o:buffalotech:wmr-300_firmware:*:*:*:*:*:*:*:*
Range: <=1.90
Buffalotech/Bhr 4grv2 Firmware
cpe:2.3:o:buffalotech:bhr-4grv2_firmware:*:*:*:*:*:*:*:*
Range: <=1.04
Buffalotech/Wex 300 Firmware
cpe:2.3:o:buffalotech:wex-300_firmware:*:*:*:*:*:*:*:*
Range: <=1.90
Buffalotech/Whr 600d Firmware
cpe:2.3:o:buffalotech:whr-600d_firmware:*:*:*:*:*:*:*:*
Range: <=1.90
Buffalotech/Wmr 433 Firmware
cpe:2.3:o:buffalotech:wmr-433_firmware:*:*:*:*:*:*:*:*
Range: <=1.01
Buffalotech/Wsr 1166dhp Firmware
cpe:2.3:o:buffalotech:wsr-1166dhp_firmware:*:*:*:*:*:*:*:*
Range: <=1.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN09268287/index.htmlnvdVendor Advisory
jvndb.jvn.jp/jvndb/JVNDB-2016-000005nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000