Published: 17/08/2007 Updated: 15/10/2018

CVSS v2 Base Score: 7.8 | Impact Score: 7.8 | Exploitability Score: 8.6

VMScore: 785

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:C

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote malicious users to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
2wire 1800hw router 3.17.5
2wire 1800hw router 3.7.1
2wire 1701hg router 3.7.1
2wire 1701hg router 5.29.51
2wire 1701hg router 3.17.5
2wire 2071 router 3.7.1
2wire 2071 router 5.29.51
2wire 1800hw router 5.29.51
2wire 2071 router 3.17.5

source: wwwsecurityfocuscom/bid/27246/info Multiple 2Wire routers are prone to a cross-site request-forgery vulnerability Exploiting this issue may allow a remote attacker to execute arbitrary actions on an affected device Set a password (NUEVOPASS): 1921681254/xslt?PAGE=A05_POST&THISPAGE=A05&NEXTPAGE=A05_POST&E ...

NVD-CWE-Other http://www.hakim.ws/2wire/demodns.html http://securityreason.com/securityalert/3026 http://www.securityfocus.com/bid/27246 https://exchange.xforce.ibmcloud.com/vulnerabilities/36044 http://www.securityfocus.com/archive/1/476595/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31013/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-4389

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect