CVE-2008-6605

Published: 06/04/2009 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote malicious users to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.

Vulnerable Product

2wire 2071hg 5.29.51

2wire 2071hg 4.25.19

2wire 2700hg 3.17.5

2wire 2700hg 3.7.1

2wire 1800hw 3.17.5

2wire 1800hw 3.7.1

2wire 2071hg 3.17.5

2wire 2071hg 3.7.1

2wire 1701hg 3.17.5

2wire 1701hg 3.7.1

2wire 1701hg 5.29.51

2wire 1701hg 4.25.19

2wire 2700hg 5.29.51

2wire 2700hg 4.25.19

2wire 1800hw 5.29.51

2wire 1800hw 4.25.19

Exploits

2WIRE ROUTER DSL DENIAL OF SERVICE

VULNERABLE
Model: 1701HG, 1800HW, 2071HG, 2700HG Gateway
Firmware: v3.17.5, 3.7.1, 4.25.19, 5.29.51

The DSL connection of some 2wire routers is dropped when a request is made to /xslt with the value %X, where X is any non-alphanumeric character.

PoC: (this can be set in an IMG tag or whatever) gateway2wirenet ...