CVEブラウザに戻る

CVE-2007-4389

HIGH

7.8

CVSS Severity Score

EPSS Score0.0310%

EPSS Percentile42.47th

Published2007年8月17日

Last Modified2026年4月23日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

Affected Platforms (CPE)

🔌

2wire

1701hg Router

= 3.7.1

🔌

2wire

1701hg Router

= 3.17.5

🔌

2wire

1701hg Router

= 5.29.51

🔌

2wire

1800hw Router

= 3.7.1

🔌

2wire

1800hw Router

= 3.17.5

🔌

2wire

1800hw Router

= 5.29.51

🔌

2wire

2071 Router

= 3.7.1

🔌

2wire

2071 Router

= 3.17.5

🔌

2wire

2071 Router

= 5.29.51

References & Advisories

🔗 http://securityreason.com/securityalert/3026

🔗 http://www.hakim.ws/2wire/demodns.html

🔗 http://www.securityfocus.com/archive/1/476595/100/0/threaded

🔗 http://www.securityfocus.com/bid/27246

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/36044

🔗 http://securityreason.com/securityalert/3026

🔗 http://www.hakim.ws/2wire/demodns.html

🔗 http://www.securityfocus.com/archive/1/476595/100/0/threaded

関連する脆弱性情報

CVE-2007-438810.0

2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.

CVE-2007-43874.3

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 softwar...

CVE-2007-122510.0

The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, whi...

CVE-2007-125710.0

The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary comma...