
HTTP 2Wire Drive-By Automatic Config Change

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects an attempt to exploit a cross-site request-forgery vulnerability in a 2Wire router, which could result in automatic re-configuration of the router.

Additional Information

2Wire routers are network devices designed for home and small-office setups.

Multiple 2Wire routers are prone to a cross-site request-forgery vulnerability. Attackers exploit this issue by tricking a victim into visiting a malicious web page. The page contains specially crafted 'xslt' requests designed to perform some action on the attacker's behalf.

An attacker can exploit this issue to perform DNS-poisoning attacks through the 'NAME' and 'ADDR' parameters. The attacker may also be able to modify password settings on the vulnerable device. Other attacks are also possible.

A successful attack will result in a remote compromise of the affected device, potentially aiding in further attacks.
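
The check below is an added example, not Symantec's signature logic: it classifies proxy or browser log records by the traits described above (an 'xslt' request carrying both 'NAME' and 'ADDR' that did not originate from the device's own pages). The log record shape, the assumption that the parameters appear in the query string, and all hosts and addresses in the sample data are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed (request URL, Referer) pairs; not captured traffic.
SAMPLE_REQUESTS = [
    ("http://192.168.0.1/xslt?NAME=www.bank.example&ADDR=203.0.113.7",
     "http://untrusted.example/page.html"),
    ("http://192.168.0.1/xslt?NAME=printer.lan&ADDR=192.168.0.20",
     "http://192.168.0.1/setup"),
    ("http://192.168.0.1/index.html?NAME=x", "http://untrusted.example/"),
    ("http://router.example/xslt?name=a&addr=b", None),
]

def is_private_ip(host):
    """True only for literal private addresses; hostnames are not resolved."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def classify(url, referer):
    """Return 'alert', 'review', 'same-origin' or 'ignore' for one request."""
    target = urlsplit(url)
    if "xslt" not in target.path.lower():
        return "ignore"
    # Assumption: the parameters travel in the query string.
    params = {key.upper() for key in parse_qs(target.query, keep_blank_values=True)}
    if not {"NAME", "ADDR"} <= params:
        return "ignore"
    referer_host = urlsplit(referer).hostname if referer else None
    if referer_host == target.hostname:
        return "same-origin"   # submitted from the device's own pages
    if is_private_ip(target.hostname or ""):
        return "alert"         # foreign page driving a LAN device
    return "review"            # cross-site, but target is not a literal LAN address

def scan(requests):
    """Classify every (url, referer) pair and keep the URL with its verdict."""
    return [(url, classify(url, ref)) for url, ref in requests]

if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_REQUESTS):
        print(f"{verdict:12} {url}")
```

A request with no Referer at all is treated as cross-site here, since it cannot be shown to come from the device's own configuration pages.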


  • 2Wire 1701HG 3.7.1, 3.17.5, 5.29.51
  • 2Wire 1800HW 3.7.1, 3.17.5, 5.29.51
  • 2Wire 2071 Gateway 3.7.1, 3.17.5, 5.29.51