CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4389

HIGH
7.8
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile42.47th
PublishedAug 17, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

Affected Platforms (CPE)

πŸ”Œ
2wire

1701hg Router

= 3.7.1
πŸ”Œ
2wire

1701hg Router

= 3.17.5
πŸ”Œ
2wire

1701hg Router

= 5.29.51
πŸ”Œ
2wire

1800hw Router

= 3.7.1
πŸ”Œ
2wire

1800hw Router

= 3.17.5
πŸ”Œ
2wire

1800hw Router

= 5.29.51
πŸ”Œ
2wire

2071 Router

= 3.7.1
πŸ”Œ
2wire

2071 Router

= 3.17.5
πŸ”Œ
2wire

2071 Router

= 5.29.51

References & Advisories

πŸ”— http://securityreason.com/securityalert/3026
πŸ”— http://www.hakim.ws/2wire/demodns.html
πŸ”— http://www.securityfocus.com/archive/1/476595/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/27246
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/36044
πŸ”— http://securityreason.com/securityalert/3026
πŸ”— http://www.hakim.ws/2wire/demodns.html
πŸ”— http://www.securityfocus.com/archive/1/476595/100/0/threaded

Related Vulnerabilities

CVE-2007-438810.0

2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.

CVE-2007-43874.3

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 softwar...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...