Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

2wire Remote Denial of Service

🗓️ 30 Oct 2009 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 21 Views

2wire Remote Denial of Service vulnerability on certain models, enabling unauthenticated remote reboot through SSL interface

Code

                                                           ========================================
               2WIRE REMOTE DENIAL OF SERVICE
         ========================================


Device:      2wire Gateway Router/Modem
Vulnerable Software:   =< 5.29.52
Vulnerable Models:   1700HG
         1701HG
         1800HW
         2071
         2700HG
         2701HG-T
Release Date:    2009-10-29
Last Update:    2009-09
Critical:    Moderately critical
Impact:    Denial of service
      Remote router reboot
Where:      From remote
      In the remote management interface
Solution Status:   Vendor issued firmware patches
         Providers are in charge of applying the patches
WebVuln Advisory:   1-003


  BACKGROUND
=======================

The remote management interface of some 2wire modems is enabled by
default.
This interface runs over SSL on port 50001 with an untrusted issuer
certificate.

++Español
Algunos módems 2wire tienen la interfaz remota habilitada por default.
La interfaz utiliza SSL con un certificado invalido en el puerto 50001.


   DESCRIPTION
=======================

Some 2wire modems are vulnerable to a remote denial of service attack.
By requesting a special url from the Remote Management interface, an
unathenticated
user can remotely reboot the complete device.

++
Algunos módems 2wire son vulnerables a un ataque de denegación de
servicio.
Un usuario no autenticado puede reiniciar el dispositivo enviando una
petición a
la interfaz de Administración remota.


  EXPLOIT / POC
=======================

 https://<remoteIP>:50001/xslt?page=%0d%0a


  WORKAROUND
=======================

Disable Remote Management in Firewall -> Advanced Settings.

++
Deshabilitar Administración remota en Cortafuegos -> Configuración
avanzada


   DISCLOSURE TIMELINE
=======================

2009/09/06 - Vulnerability discovered
2009/09/08 - Vendor contacted


                  =======================

                           h k m
                        [email protected]
                    http://www.hakim.ws

                  http://www.webvuln.com/

                  =======================
Greets:
preth00nker, DromoroK, mr.ebola, Javier, d0ct0r_4rz0v1zp0, ch@vez, fito,
HL, Xianur0, Pr@fEs0r X, Daemon, us3r.

  REFERENCES
=======================

Preth00nker's exploit (LAN) - http://www.milw0rm.com/exploits/2246
2Wire Gateways CRLF DoS (from local network) -
http://secunia.com/advisories/21583
Hakim.Ws - http://www.hakim.ws
WebVuln - http://www.webvuln.com

2009-09 - WebVuln - http://www.webvuln.com

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Oct 2009 00:00Current
7.1High risk
Vulners AI Score7.1
2wire gateway routerdenial of serviceremote rebootssl interfaceunauthenticated userfirmware patchesremote management.
21