CVE-2007-4389

high

Description

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36044

http://www.securityfocus.com/bid/27246

http://www.securityfocus.com/archive/1/476595/100/0/threaded

http://www.hakim.ws/2wire/demodns.html

http://securityreason.com/securityalert/3026

Details

Source: Mitre, NVD

Published: 2007-08-17

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.03538