CVE-2008-6605

Exploit

EPSS 0.22%
Published 06.04.2009 14:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

2wire ≫ 1701hg Version3.7.1

2wire ≫ 1701hg Version3.17.5

2wire ≫ 1701hg Version4.25.19

2wire ≫ 1701hg Version5.29.51

2wire ≫ 1800hw Version3.7.1

2wire ≫ 1800hw Version3.17.5

2wire ≫ 1800hw Version4.25.19

2wire ≫ 1800hw Version5.29.51

2wire ≫ 2071hg Version3.7.1

2wire ≫ 2071hg Version3.17.5

2wire ≫ 2071hg Version4.25.19

2wire ≫ 2071hg Version5.29.51

2wire ≫ 2700hg Version3.7.1

2wire ≫ 2700hg Version3.17.5

2wire ≫ 2700hg Version4.25.19

2wire ≫ 2700hg Version5.29.51

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.414

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://osvdb.org/49835

http://www.securityfocus.com/bid/32211

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/46537

https://www.exploit-db.com/exploits/7060

https://nvd.nist.gov/vuln/detail/CVE-2008-6605

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-6605

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-6605

EUVD