CVE-2008-6605

Name of the Vulnerable Software and Affected Versions 2wire 1701HG versions 3.17.5, 3.7.1, 4.25.19, or 5.29.51 2wire 1800HW versions 3.17.5, 3.7.1, 4.25.19, or 5.29.51 2wire 2071HG versions 3.17.5, 3.7.1, 4.25.19, or 5.29.51 2wire 2700HG versions 3.17.5, 3.7.1, 4.25.19, or 5.29.51

Description A cross-site request forgery (CSRF) issue exists in the xslt script of the web-based management interface, allowing remote attackers to hijack the intranet connectivity of users. This can be achieved by sending requests that cause a denial of service, resulting in a network outage. The attack vector involves a page parameter with a % character followed by a non-alphanumeric character.

Recommendations For 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51, consider disabling the xslt script in the web-based management interface as a temporary workaround until a patch is available. Avoid using page parameters with a % character followed by a non-alphanumeric character in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.