Description
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
Exploits (1)
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32211
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/49835
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46537
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7060
Scores
EPSS
0.0043
EPSS Percentile
62.7%
Details
CWE
CWE-352
Status
published
Products (16)
2wire/1701hg
3.7.1
2wire/1701hg
3.17.5
2wire/1701hg
4.25.19
2wire/1701hg
5.29.51
2wire/1800hw
3.7.1
2wire/1800hw
3.17.5
2wire/1800hw
4.25.19
2wire/1800hw
5.29.51
2wire/2071hg
3.7.1
2wire/2071hg
3.17.5
... and 6 more
Published
Apr 06, 2009
Tracked Since
Feb 18, 2026