ID

VAR-200708-0345


CVE

CVE-2007-4387


TITLE

Cross-site request forgery vulnerability in /xslt on 2wire 1701HG and 2071 Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2007-002515

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. This can be exploited to perform certain actions on the device when a logged-in administrator is tricked into visiting a malicious web page. The vulnerability is reported in 1701HG version 3.17.5 and 2071 Gateway version 5.29.51. Other versions may also be affected.

SOLUTION: Do not browse untrusted web sites while logged in to the administrative section of the device.

PROVIDED AND/OR DISCOVERED BY: hkm

ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2007-08/0226.html

Trust: 2.07

sources: NVD: CVE-2007-4387 // JVNDB: JVNDB-2007-002515 // BID: 85448 // VULHUB: VHN-27749 // PACKETSTORM: 58730

AFFECTED PRODUCTS

vendor: 2wire, model: 1701hg router, scope: eq, version: 5.29.51

Trust: 1.9

vendor: 2wire, model: 1701hg router, scope: eq, version: 3.17.5

Trust: 1.9

vendor: 2wire, model: 2071 router, scope: eq, version: 5.29.51

Trust: 1.6

vendor: 2wire, model: 2071 router, scope: eq, version: 3.17.5

Trust: 1.6

vendor: 2wire, model: 1701hg router, scope: eq, version: software 5.29.51 and 3.17.5

Trust: 0.8

vendor: 2wire, model: 2071 router, scope: eq, version: software 5.29.51 and 3.17.5

Trust: 0.8

vendor: 2wire, model: router, scope: eq, version: 20715.29.51

Trust: 0.3

vendor: 2wire, model: router, scope: eq, version: 20713.17.5

Trust: 0.3

sources: BID: 85448 // JVNDB: JVNDB-2007-002515 // CNNVD: CNNVD-200708-277 // NVD: CVE-2007-4387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4387
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-4387
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200708-277
value: MEDIUM

Trust: 0.6

VULHUB: VHN-27749
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-4387
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27749
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27749 // JVNDB: JVNDB-2007-002515 // CNNVD: CNNVD-200708-277 // NVD: CVE-2007-4387

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-277

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200708-277

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002515

PATCH

title: Top Page, url: http://www.2wire.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002515

EXTERNAL IDS

db: NVD, id: CVE-2007-4387

Trust: 2.8

db: SREASON, id: 3026

Trust: 2.0

db: SECUNIA, id: 26496

Trust: 1.8

db: OSVDB, id: 37667

Trust: 1.7

db: XF, id: 36044

Trust: 0.9

db: JVNDB, id: JVNDB-2007-002515

Trust: 0.8

db: XF, id: 2

Trust: 0.6

db: BUGTRAQ, id: 20070815 CROSS SITE REQUEST FORGERY IN 2WIRE ROUTERS

Trust: 0.6

db: CNNVD, id: CNNVD-200708-277

Trust: 0.6

db: BID, id: 85448

Trust: 0.4

db: VULHUB, id: VHN-27749

Trust: 0.1

db: PACKETSTORM, id: 58730

Trust: 0.1

sources: VULHUB: VHN-27749 // BID: 85448 // JVNDB: JVNDB-2007-002515 // PACKETSTORM: 58730 // CNNVD: CNNVD-200708-277 // NVD: CVE-2007-4387

REFERENCES

url:http://securityreason.com/securityalert/3026

Trust: 2.0

url:http://osvdb.org/37667

Trust: 1.7

url:http://secunia.com/advisories/26496

Trust: 1.7

url:http://www.securityfocus.com/archive/1/476595/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/36044

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/476595/100/0/threaded

Trust: 0.9

url:http://xforce.iss.net/xforce/xfdb/36044

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4387

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4387

Trust: 0.8

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/2862/

Trust: 0.1

url:http://secunia.com/advisories/26496/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/11696/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://archives.neohapsis.com/archives/bugtraq/2007-08/0226.html

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-27749 // BID: 85448 // JVNDB: JVNDB-2007-002515 // PACKETSTORM: 58730 // CNNVD: CNNVD-200708-277 // NVD: CVE-2007-4387

CREDITS

Unknown

Trust: 0.3

sources: BID: 85448

SOURCES

db: VULHUB, id: VHN-27749
db: BID, id: 85448
db: JVNDB, id: JVNDB-2007-002515
db: PACKETSTORM, id: 58730
db: CNNVD, id: CNNVD-200708-277
db: NVD, id: CVE-2007-4387

LAST UPDATE DATE

2025-04-10T21:38:34.033000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-27749, date: 2018-10-15T00:00:00
db: BID, id: 85448, date: 2007-08-17T00:00:00
db: JVNDB, id: JVNDB-2007-002515, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200708-277, date: 2007-08-20T00:00:00
db: NVD, id: CVE-2007-4387, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-27749, date: 2007-08-17T00:00:00
db: BID, id: 85448, date: 2007-08-17T00:00:00
db: JVNDB, id: JVNDB-2007-002515, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 58730, date: 2007-08-21T20:07:00
db: CNNVD, id: CNNVD-200708-277, date: 2007-08-17T00:00:00
db: NVD, id: CVE-2007-4387, date: 2007-08-17T22:17:00