Description
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hkm · textremotehardware
https://www.exploit-db.com/exploits/31013
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://www.hakim.ws/2wire/demodns.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36044
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3026
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/476595/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27246
Scores
EPSS
0.0501
EPSS Percentile
89.8%
Details
Status
published
Products (9)
2wire/1701hg_router
3.7.1
2wire/1701hg_router
3.17.5
2wire/1701hg_router
5.29.51
2wire/1800hw_router
3.7.1
2wire/1800hw_router
3.17.5
2wire/1800hw_router
5.29.51
2wire/2071_router
3.7.1
2wire/2071_router
3.17.5
2wire/2071_router
5.29.51
Published
Aug 17, 2007
Tracked Since
Feb 18, 2026