CVE-2007-4389 | Vulnerability Database | Aqua Security

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

Affected Software

Name	Vendor	Start Version	End Version
1701hg_router	2wire	3.7.1 (including)	3.7.1 (including)
1701hg_router	2wire	3.17.5 (including)	3.17.5 (including)
1701hg_router	2wire	5.29.51 (including)	5.29.51 (including)
1800hw_router	2wire	3.7.1 (including)	3.7.1 (including)
1800hw_router	2wire	3.17.5 (including)	3.17.5 (including)
1800hw_router	2wire	5.29.51 (including)	5.29.51 (including)
2071_router	2wire	3.7.1 (including)	3.7.1 (including)
2071_router	2wire	3.17.5 (including)	3.17.5 (including)
2071_router	2wire	5.29.51 (including)	5.29.51 (including)

References

http://securityreason.com/securityalert/3026
http://www.hakim.ws/2wire/demodns.html
http://www.securityfocus.com/archive/1/476595/100/0/threaded
http://www.securityfocus.com/bid/27246
https://exchange.xforce.ibmcloud.com/vulnerabilities/36044

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-4389
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html