Lucene search

[email protected]CVE-2009-3962

HistoryNov 17, 2009 - 6:30 p.m.

CVE-2009-3962

2009-11-1718:30:00

CWE-20

[email protected]

web.nvd.nist.gov

2wire gateway

denial of service

cve-2009-3962

nvd

security vulnerability

7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.017 Low

EPSS

Percentile

87.8%

JSON

The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523.

CPENameOperatorVersion
2wire:2701hg-t2wire 2701hg-teq*
2wire:2700hg2wire 2700hgeq*
2wire:1700hg2wire 1700hgeq*
2wire:1701hg2wire 1701hgeq*
2wire:1800hw2wire 1800hweq*
2wire:20712wire 2071eq*
2wire:1700hg2wire 1700hgle5.29.51
2wire:1701hg2wire 1701hgle5.29.51
2wire:20712wire 2071le5.29.51
2wire:2700hg2wire 2700hgle5.29.51

CPE	Name	Operator	Version
2wire:2701hg-t	2wire 2701hg-t	eq	*
2wire:2700hg	2wire 2700hg	eq	*
2wire:1700hg	2wire 1700hg	eq	*
2wire:1701hg	2wire 1701hg	eq	*
2wire:1800hw	2wire 1800hw	eq	*
2wire:2071	2wire 2071	eq	*
2wire:1700hg	2wire 1700hg	le	5.29.51
2wire:1701hg	2wire 1701hg	le	5.29.51
2wire:2071	2wire 2071	le	5.29.51
2wire:2700hg	2wire 2700hg	le	5.29.51

Rows per page:

1-10 of 121

References

webvuln.com/advisories/2wire.remote.denial.of.service.txt

www.securityfocus.com/archive/1/507587/100/0/threaded

www.securitytracker.com/id?1023116

www.vupen.com/english/advisories/2009/3110

7 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2009-3962

prion1 cve1