CVE-2007-4389

Name of the Vulnerable Software and Affected Versions 2wire 1701HG version 3.17.5 2wire 1800HW version 3.7.1 2wire 2071 Gateway version 5.29.51

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to create DNS mappings as administrators and conduct DNS poisoning attacks. This is achieved via the NAME and ADDR parameters in the /xslt endpoint.

Recommendations For 2wire 1701HG version 3.17.5, update the software to a version that addresses this issue. For 2wire 1800HW version 3.7.1, update the software to a version that addresses this issue. For 2wire 2071 Gateway version 5.29.51, update the software to a version that addresses this issue. As a temporary workaround, consider restricting access to the /xslt endpoint to minimize the risk of exploitation. Avoid using the NAME and ADDR parameters in the affected endpoint until the issue is resolved.