Lucene search

[email protected]CVE-2007-4389

HistoryAug 17, 2007 - 10:17 p.m.

CVE-2007-4389

2007-08-1722:17:00

[email protected]

web.nvd.nist.gov

csrf

vulnerability

2wire routers

dns poisoning

nvd

cve-2007-4389

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:P/A:C

6.9 Medium

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

Affected configurations

NVD

Node

2wire1701hg_routerMatch3.7.1

2wire1701hg_routerMatch3.17.5

2wire1701hg_routerMatch5.29.51

2wire1800hw_routerMatch3.7.1

2wire1800hw_routerMatch3.17.5

2wire1800hw_routerMatch5.29.51

2wire2071_routerMatch3.7.1

2wire2071_routerMatch3.17.5

2wire2071_routerMatch5.29.51

CPENameOperatorVersion
2wire:1701hg_router2wire 1701hg routereq3.7.1
2wire:1701hg_router2wire 1701hg routereq3.17.5
2wire:1701hg_router2wire 1701hg routereq5.29.51
2wire:1800hw_router2wire 1800hw routereq3.7.1
2wire:1800hw_router2wire 1800hw routereq3.17.5
2wire:1800hw_router2wire 1800hw routereq5.29.51
2wire:2071_router2wire 2071 routereq3.7.1
2wire:2071_router2wire 2071 routereq3.17.5
2wire:2071_router2wire 2071 routereq5.29.51

CPE	Name	Operator	Version
2wire:1701hg_router	2wire 1701hg router	eq	3.7.1
2wire:1701hg_router	2wire 1701hg router	eq	3.17.5
2wire:1701hg_router	2wire 1701hg router	eq	5.29.51
2wire:1800hw_router	2wire 1800hw router	eq	3.7.1
2wire:1800hw_router	2wire 1800hw router	eq	3.17.5
2wire:1800hw_router	2wire 1800hw router	eq	5.29.51
2wire:2071_router	2wire 2071 router	eq	3.7.1
2wire:2071_router	2wire 2071 router	eq	3.17.5
2wire:2071_router	2wire 2071 router	eq	5.29.51

References

securityreason.com/securityalert/3026

www.hakim.ws/2wire/demodns.html

www.securityfocus.com/archive/1/476595/100/0/threaded

www.securityfocus.com/bid/27246

exchange.xforce.ibmcloud.com/vulnerabilities/36044

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:P/A:C

6.9 Medium

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2007-4389

prion1 nvd1 cvelist1