13 lines
No EOL
867 B
Text
13 lines
No EOL
867 B
Text
source: https://www.securityfocus.com/bid/27516/info
|
|
|
|
Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions.
|
|
|
|
Unauthenticated attackers can leverage this issue to change the password of arbitrary user accounts on the router. Successful attacks will completely compromise affected devices.
|
|
|
|
2Wire routers that have the 'H04_POST' page are affected by this issue.
|
|
|
|
UPDATE: This BID has been retired because it has been found to be a duplicate of BID 27246 (2Wire Routers Cross-Site Request Forgery Vulnerability).
|
|
|
|
UPDATE (February 1, 2008): This BID is being reinstated. Further investigation and new information reveal that this vulnerability differs from the one described in BID 27246.
|
|
|
|
http://www.example.com/xslt?PAGE=H04_POST&PASSWORD=admin&PASSWORD_CONF=admin |