cvelistv5 - CVE-2007-4387

CVE-2007-4387 (GCVE-0-2007-4387)

Vulnerability from cvelistv5

Published

2007-08-17 22:00

Modified

2024-08-07 14:53

Severity ?

CWE

Summary

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.

References

URL

Tags

	cve@mitre.org	http://osvdb.org/37667
	cve@mitre.org	http://secunia.com/advisories/26496
	cve@mitre.org	http://securityreason.com/securityalert/3026
	cve@mitre.org	http://www.securityfocus.com/archive/1/476595/100/0/threaded
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36044
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37667
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26496
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3026
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/476595/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36044

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:55.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2wire-xslt-csrf(36044)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
          },
          {
            "name": "3026",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3026"
          },
          {
            "name": "20070815 Cross Site Request Forgery in 2wire routers",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
          },
          {
            "name": "26496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26496"
          },
          {
            "name": "37667",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37667"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2wire-xslt-csrf(36044)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
        },
        {
          "name": "3026",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3026"
        },
        {
          "name": "20070815 Cross Site Request Forgery in 2wire routers",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
        },
        {
          "name": "26496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26496"
        },
        {
          "name": "37667",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37667"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2wire-xslt-csrf(36044)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
            },
            {
              "name": "3026",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3026"
            },
            {
              "name": "20070815 Cross Site Request Forgery in 2wire routers",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
            },
            {
              "name": "26496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26496"
            },
            {
              "name": "37667",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37667"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4387",
    "datePublished": "2007-08-17T22:00:00",
    "dateReserved": "2007-08-17T00:00:00",
    "dateUpdated": "2024-08-07T14:53:55.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4387\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-08-17T22:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en /xslt de los enrutadores de acceso(Gateway routers) 2wire 1701HG y 2071 Gateway, con software 3.17.5 y 5.29.51, permite a atacantes remotos llevar a cabo determinados cambios en la configuraci\u00f3n como administradores.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:2wire:1701hg_router:3.17.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"884F1148-AC2B-402B-8519-60BB39D2562B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:2wire:1701hg_router:5.29.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38F8B3DD-2F9D-4D76-AEFF-F3CA1F896163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:2wire:2071_router:3.17.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3C3F76B-04CF-4F3E-AF94-A1709E8BC8FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:2wire:2071_router:5.29.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD57A887-A1F0-471C-A905-77BDDA8190DB\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37667\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26496\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3026\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/476595/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36044\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/476595/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2007-4387

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-4387

Aliases

CVE-2007-4387

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4387",
    "description": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.",
    "id": "GSD-2007-4387"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4387"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.",
      "id": "GSD-2007-4387",
      "modified": "2023-12-13T01:21:36.426541Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4387",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "2wire-xslt-csrf(36044)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
          },
          {
            "name": "3026",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3026"
          },
          {
            "name": "20070815 Cross Site Request Forgery in 2wire routers",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
          },
          {
            "name": "26496",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26496"
          },
          {
            "name": "37667",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37667"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:2wire:2071_router:5.29.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:2wire:1701hg_router:5.29.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:2wire:2071_router:3.17.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:2wire:1701hg_router:3.17.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4387"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26496",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26496"
            },
            {
              "name": "3026",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3026"
            },
            {
              "name": "37667",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37667"
            },
            {
              "name": "2wire-xslt-csrf(36044)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
            },
            {
              "name": "20070815 Cross Site Request Forgery in 2wire routers",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:34Z",
      "publishedDate": "2007-08-17T22:17Z"
    }
  }
}

var-200708-0345

Vulnerability from variot

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. This can be exploited to perform certain actions on the device when a logged in administrator is tricked into visiting a malicious web page.

The vulnerability is reported in 1701HG version 3.17.5 and 2071 Gateway version 5.29.51. Other versions may also be affected.

SOLUTION: Do not browse untrusted web sites while being logged in to the administrative section of the device.

PROVIDED AND/OR DISCOVERED BY: hkm

ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2007-08/0226.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200708-0345",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "1701hg router",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "2wire",
        "version": "5.29.51"
      },
      {
        "model": "1701hg router",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "2wire",
        "version": "3.17.5"
      },
      {
        "model": "2071 router",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "2wire",
        "version": "5.29.51"
      },
      {
        "model": "2071 router",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "2wire",
        "version": "3.17.5"
      },
      {
        "model": "1701hg router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "2wire",
        "version": "software 5.29.51 and  3.17.5"
      },
      {
        "model": "2071 router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "2wire",
        "version": "software 5.29.51 and  3.17.5"
      },
      {
        "model": "router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "2wire",
        "version": "20715.29.51"
      },
      {
        "model": "router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "2wire",
        "version": "20713.17.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:2wire:1701hg_router",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:2wire:2071_router",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85448"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-4387",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-4387",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-27749",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-4387",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-4387",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200708-277",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27749",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. A remote attacker performs some setting changes like an administrator. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. This can be\nexploited to perform certain actions on the device when a logged in\nadministrator is tricked into visiting a malicious web page. \n\nThe vulnerability is reported in 1701HG version 3.17.5 and 2071\nGateway version 5.29.51. Other versions may also be affected. \n\nSOLUTION:\nDo not browse untrusted web sites while being logged in to the\nadministrative section of the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nhkm\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/bugtraq/2007-08/0226.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "db": "BID",
        "id": "85448"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27749"
      },
      {
        "db": "PACKETSTORM",
        "id": "58730"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4387",
        "trust": 2.8
      },
      {
        "db": "SREASON",
        "id": "3026",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26496",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "37667",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "36044",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "2",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070815 CROSS SITE REQUEST FORGERY IN 2WIRE ROUTERS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "85448",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-27749",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58730",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27749"
      },
      {
        "db": "BID",
        "id": "85448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "db": "PACKETSTORM",
        "id": "58730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "id": "VAR-200708-0345",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27749"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:53:31.314000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.2wire.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://securityreason.com/securityalert/3026"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37667"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26496"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/476595/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://xforce.iss.net/xforce/xfdb/36044"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4387"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4387"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2862/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26496/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11696/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2007-08/0226.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27749"
      },
      {
        "db": "BID",
        "id": "85448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "db": "PACKETSTORM",
        "id": "58730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-27749"
      },
      {
        "db": "BID",
        "id": "85448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "db": "PACKETSTORM",
        "id": "58730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27749"
      },
      {
        "date": "2007-08-17T00:00:00",
        "db": "BID",
        "id": "85448"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "date": "2007-08-21T20:07:00",
        "db": "PACKETSTORM",
        "id": "58730"
      },
      {
        "date": "2007-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      },
      {
        "date": "2007-08-17T22:17:00",
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27749"
      },
      {
        "date": "2007-08-17T00:00:00",
        "db": "BID",
        "id": "85448"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      },
      {
        "date": "2007-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      },
      {
        "date": "2024-11-21T00:35:28.220000",
        "db": "NVD",
        "id": "CVE-2007-4387"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "2wire 1701HG and  2071 Gateway of  /xslt Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002515"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-277"
      }
    ],
    "trust": 0.6
  }
}

ghsa-j7cr-pfx5-wv5h

Vulnerability from github

Published

2022-05-01 18:23

Modified

2022-05-01 18:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4387"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-17T22:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.",
  "id": "GHSA-j7cr-pfx5-wv5h",
  "modified": "2022-05-01T18:23:09Z",
  "published": "2022-05-01T18:23:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4387"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37667"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26496"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3026"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2007-4387

Vulnerability from fkie_nvd

Published

2007-08-17 22:17

Modified

2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://osvdb.org/37667
	cve@mitre.org	http://secunia.com/advisories/26496
	cve@mitre.org	http://securityreason.com/securityalert/3026
	cve@mitre.org	http://www.securityfocus.com/archive/1/476595/100/0/threaded
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36044
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37667
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26496
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3026
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/476595/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36044

Impacted products

Vendor	Product	Version
2wire	1701hg_router	3.17.5
2wire	1701hg_router	5.29.51
2wire	2071_router	3.17.5
2wire	2071_router	5.29.51

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:2wire:1701hg_router:3.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "884F1148-AC2B-402B-8519-60BB39D2562B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:2wire:1701hg_router:5.29.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F8B3DD-2F9D-4D76-AEFF-F3CA1F896163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:2wire:2071_router:3.17.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C3F76B-04CF-4F3E-AF94-A1709E8BC8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:2wire:2071_router:5.29.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD57A887-A1F0-471C-A905-77BDDA8190DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en /xslt de los enrutadores de acceso(Gateway routers) 2wire 1701HG y 2071 Gateway, con software 3.17.5 y 5.29.51, permite a atacantes remotos llevar a cabo determinados cambios en la configuraci\u00f3n como administradores."
    }
  ],
  "id": "CVE-2007-4387",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-08-17T22:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37667"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3026"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36044"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-4387 (GCVE-0-2007-4387)

Vulnerability from cvelistv5

gsd-2007-4387

Vulnerability from gsd

var-200708-0345

Vulnerability from variot

ghsa-j7cr-pfx5-wv5h

Vulnerability from github

fkie_cve-2007-4387

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature