Lucene search

[email protected]NVD:CVE-2007-4389

HistoryAug 17, 2007 - 10:17 p.m.

CVE-2007-4389

2007-08-1722:17:00

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:P/A:C

AI Score

6.9

Confidence

Low

EPSS

0.034

Percentile

91.5%

JSON

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

Affected configurations

Nvd

Node

2wire1701hg_routerMatch3.7.1

2wire1701hg_routerMatch3.17.5

2wire1701hg_routerMatch5.29.51

2wire1800hw_routerMatch3.7.1

2wire1800hw_routerMatch3.17.5

2wire1800hw_routerMatch5.29.51

2wire2071_routerMatch3.7.1

2wire2071_routerMatch3.17.5

2wire2071_routerMatch5.29.51

VendorProductVersionCPE
2wire1701hg_router3.7.1cpe:2.3:h:2wire:1701hg_router:3.7.1:*:*:*:*:*:*:*
2wire1701hg_router3.17.5cpe:2.3:h:2wire:1701hg_router:3.17.5:*:*:*:*:*:*:*
2wire1701hg_router5.29.51cpe:2.3:h:2wire:1701hg_router:5.29.51:*:*:*:*:*:*:*
2wire1800hw_router3.7.1cpe:2.3:h:2wire:1800hw_router:3.7.1:*:*:*:*:*:*:*
2wire1800hw_router3.17.5cpe:2.3:h:2wire:1800hw_router:3.17.5:*:*:*:*:*:*:*
2wire1800hw_router5.29.51cpe:2.3:h:2wire:1800hw_router:5.29.51:*:*:*:*:*:*:*
2wire2071_router3.7.1cpe:2.3:h:2wire:2071_router:3.7.1:*:*:*:*:*:*:*
2wire2071_router3.17.5cpe:2.3:h:2wire:2071_router:3.17.5:*:*:*:*:*:*:*
2wire2071_router5.29.51cpe:2.3:h:2wire:2071_router:5.29.51:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
2wire	1701hg_router	3.7.1	cpe:2.3:h:2wire:1701hg_router:3.7.1:::::::*
2wire	1701hg_router	3.17.5	cpe:2.3:h:2wire:1701hg_router:3.17.5:::::::*
2wire	1701hg_router	5.29.51	cpe:2.3:h:2wire:1701hg_router:5.29.51:::::::*
2wire	1800hw_router	3.7.1	cpe:2.3:h:2wire:1800hw_router:3.7.1:::::::*
2wire	1800hw_router	3.17.5	cpe:2.3:h:2wire:1800hw_router:3.17.5:::::::*
2wire	1800hw_router	5.29.51	cpe:2.3:h:2wire:1800hw_router:5.29.51:::::::*
2wire	2071_router	3.7.1	cpe:2.3:h:2wire:2071_router:3.7.1:::::::*
2wire	2071_router	3.17.5	cpe:2.3:h:2wire:2071_router:3.17.5:::::::*
2wire	2071_router	5.29.51	cpe:2.3:h:2wire:2071_router:5.29.51:::::::*

References

securityreason.com/securityalert/3026

www.hakim.ws/2wire/demodns.html

www.securityfocus.com/archive/1/476595/100/0/threaded

www.securityfocus.com/bid/27246

exchange.xforce.ibmcloud.com/vulnerabilities/36044

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:P/A:C

AI Score

6.9

Confidence

Low

EPSS

0.034

Percentile

91.5%

JSON

Related for NVD:CVE-2007-4389

prion1 cvelist1 exploitdb1 cve1