6.8

CVE-2008-6605

Exploit

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
2wire1701hg Version3.7.1
2wire1701hg Version3.17.5
2wire1701hg Version4.25.19
2wire1701hg Version5.29.51
2wire1800hw Version3.7.1
2wire1800hw Version3.17.5
2wire1800hw Version4.25.19
2wire1800hw Version5.29.51
2wire2071hg Version3.7.1
2wire2071hg Version3.17.5
2wire2071hg Version4.25.19
2wire2071hg Version5.29.51
2wire2700hg Version3.7.1
2wire2700hg Version3.17.5
2wire2700hg Version4.25.19
2wire2700hg Version5.29.51
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.414
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.