6.8

CVE-2008-6605

Exploit
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
2wire1701hg Version3.7.1
2wire1701hg Version3.17.5
2wire1701hg Version4.25.19
2wire1701hg Version5.29.51
2wire1800hw Version3.7.1
2wire1800hw Version3.17.5
2wire1800hw Version4.25.19
2wire1800hw Version5.29.51
2wire2071hg Version3.7.1
2wire2071hg Version3.17.5
2wire2071hg Version4.25.19
2wire2071hg Version5.29.51
2wire2700hg Version3.7.1
2wire2700hg Version3.17.5
2wire2700hg Version4.25.19
2wire2700hg Version5.29.51
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.94% 0.561
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://osvdb.org/49835
http://www.securityfocus.com/bid/32211
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46537
https://www.exploit-db.com/exploits/7060