Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 2Wire | 1701Hg Router | 3.7.1 |
| 2Wire | 1800Hw Router | 3.7.1 |
| 2Wire | 2071 Router | 3.7.1 |
References
- http://securityreason.com/securityalert/3026
- http://www.hakim.ws/2wire/demodns.html
- http://www.securityfocus.com/archive/1/476595/100/0/threaded
- http://www.securityfocus.com/bid/27246
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36044
- http://securityreason.com/securityalert/3026
- http://www.hakim.ws/2wire/demodns.html
- http://www.securityfocus.com/archive/1/476595/100/0/threaded
- http://www.securityfocus.com/bid/27246
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36044
FAQ
What is CVE-2007-4389?
CVE-2007-4389 is a vulnerability with a CVSS score of 7.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as ...
How severe is CVE-2007-4389?
CVE-2007-4389 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4389?
Check the references section above for vendor advisories and patch information. Affected products include: 2Wire 1701Hg Router, 2Wire 1800Hw Router, 2Wire 2071 Router.