Unrated severityNVD Advisory· Published Apr 6, 2009· Updated Apr 23, 2026

CVE-2008-6605

Description

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.

Affected products

2wire/1701hg4 versions
cpe:2.3:h:2wire:1701hg:3.17.5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:h:2wire:1701hg:3.17.5:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:1701hg:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:1701hg:4.25.19:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:1701hg:5.29.51:*:*:*:*:*:*:*
2wire/1800hw4 versions
cpe:2.3:h:2wire:1800hw:3.17.5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:h:2wire:1800hw:3.17.5:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:1800hw:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:1800hw:4.25.19:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:1800hw:5.29.51:*:*:*:*:*:*:*
2wire/2071hg4 versions
cpe:2.3:h:2wire:2071hg:3.17.5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:h:2wire:2071hg:3.17.5:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:2071hg:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:2071hg:4.25.19:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:2071hg:5.29.51:*:*:*:*:*:*:*
2wire/2700hg4 versions
cpe:2.3:h:2wire:2700hg:3.17.5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:h:2wire:2700hg:3.17.5:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:2700hg:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:2700hg:4.25.19:*:*:*:*:*:*:*
- cpe:2.3:h:2wire:2700hg:5.29.51:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000