← Back

CVE-2008-6605

nvd nist
Published: Apr 6, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.

Affected (16)

2wire
4 products
1701hg
1800hw
2071hg
2700hg
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
2wire
1701hg
Version 3.17.5
1701hg
Version 3.7.1
1701hg
Version 4.25.19
1701hg
Version 5.29.51
2wire
1800hw
Version 3.17.5
1800hw
Version 3.7.1
1800hw
Version 4.25.19
1800hw
Version 5.29.51
2wire
2071hg
Version 3.17.5
2071hg
Version 3.7.1
2071hg
Version 4.25.19
2071hg
Version 5.29.51
2wire
2700hg
Version 3.17.5
2700hg
Version 3.7.1
2700hg
Version 4.25.19
2700hg
Version 5.29.51

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.