Vulnerabilities > 2Wire

DATE CVE VULNERABILITY TITLE RISK
2009-11-17 CVE-2009-3962 Improper Input Validation vulnerability in 2Wire products
The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523.
network
low complexity
2wire CWE-20
7.8
2009-04-06 CVE-2008-6605 Cross-Site Request Forgery (CSRF) vulnerability in 2Wire products
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
network
2wire CWE-352
6.8
2007-08-17 CVE-2007-4389 Cross-Site Request Forgery vulnerability in 2Wire Routers
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.
network
2wire
7.8
2007-08-17 CVE-2007-4388 Remote Security vulnerability in 1701Hg Router
2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.
network
low complexity
2wire
critical
10.0
2007-08-17 CVE-2007-4387 Cross-Site Request Forgery vulnerability in 1701Hg Router
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.
network
2wire
4.3
2004-12-31 CVE-2004-2749 Path Traversal vulnerability in 2Wire Homeportal
Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a ..
network
2wire CWE-22
4.3