ID CVE-2007-4387
Summary Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.
References
Vulnerable Configurations
  • cpe:2.3:h:2wire:1701hg_router:3.17.5
  • cpe:2.3:h:2wire:1701hg_router:5.29.51
  • cpe:2.3:h:2wire:2071_router:3.17.5
  • cpe:2.3:h:2wire:2071_router:5.29.51
CVSS
Base: 4.3 (as of 20-08-2007 - 08:38)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
metasploit via4
description This module will reset the admin password on a 2Wire wireless router. This is done by using the /xslt page where authentication is not required, thus allowing configuration changes (such as resetting the password) as administrators.
id MSF:AUXILIARY/ADMIN/2WIRE/XSLT_PASSWORD_RESET
last seen 2019-03-30
modified 2018-09-15
published 2011-07-07
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/2wire/xslt_password_reset.rb
title 2Wire Cross-Site Request Forgery Password Reset Vulnerability
refmap via4
bugtraq 20070815 Cross Site Request Forgery in 2wire routers
osvdb 37667
secunia 26496
sreason 3026
xf 2wire-xslt-csrf(36044)
Last major update 15-11-2008 - 01:56
Published 17-08-2007 - 18:17
Last modified 15-10-2018 - 17:34