CVE-2007-4387 - Cross-Site Request Forgery vulnerability in 1701Hg Router
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | | 4 |
Metasploit
description | This module will reset the admin password on a 2Wire wireless router. This is done by using the /xslt page where authentication is not required, thus allowing configuration changes (such as resetting the password) as administrators. |
id | MSF:AUXILIARY/ADMIN/2WIRE/XSLT_PASSWORD_RESET |
last seen | 2020-01-16 |
modified | 2018-09-15 |
published | 2011-07-07 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/2wire/xslt_password_reset.rb |
title | 2Wire Cross-Site Request Forgery Password Reset Vulnerability |