TUCoPS :: Network Appliances :: bt-21907.htm

2wire Remote Denial of Service
2wire Remote Denial of Service
2wire Remote Denial of Service




           =======================================               2WIRE REMOTE DENIAL OF SERVICE
         =======================================

Device:      2wire Gateway Router/Modem
Vulnerable Software:   =< 5.29.52
Vulnerable Models:   1700HG
         1701HG
         1800HW
         2071
         2700HG
         2701HG-T
Release Date:    2009-10-29
Last Update:    2009-09
Critical:    Moderately critical
Impact:    Denial of service
      Remote router reboot
Where:      From remote
      In the remote management interface
Solution Status:   Vendor issued firmware patches
         Providers are in charge of applying the patches
WebVuln Advisory:   1-003


  BACKGROUND
======================
The remote management interface of some 2wire modems is enabled by
default.
This interface runs over SSL on port 50001 with an untrusted issuer
certificate.

++Espa=C3=B1ol
Algunos m=C3=B3dems 2wire tienen la interfaz remota habilitada por default.
La interfaz utiliza SSL con un certificado invalido en el puerto 50001.


   DESCRIPTION
======================
Some 2wire modems are vulnerable to a remote denial of service attack.
By requesting a special url from the Remote Management interface, an
unathenticated
user can remotely reboot the complete device.

++
Algunos m=C3=B3dems 2wire son vulnerables a un ataque de denegaci=C3=B3n de
servicio.
Un usuario no autenticado puede reiniciar el dispositivo enviando una
petici=C3=B3n a
la interfaz de Administraci=C3=B3n remota.


  EXPLOIT / POC
======================
 https://:50001/xslt?page=%0d%0a


  WORKAROUND
======================
Disable Remote Management in Firewall -> Advanced Settings.

++
Deshabilitar Administraci=C3=B3n remota en Cortafuegos -> Configuraci=C3=B3n
avanzada


   DISCLOSURE TIMELINE
======================
2009/09/06 - Vulnerability discovered
2009/09/08 - Vendor contacted


                  ======================
                           h k m
hkm@hakim.ws 
http://www.hakim.ws 

http://www.webvuln.com/ 

                  ======================Greets:
preth00nker, DromoroK, mr.ebola, Javier, d0ct0r_4rz0v1zp0, ch@vez, fito,
HL, Xianur0, Pr@fEs0r X, Daemon, us3r.


  REFERENCES
======================
Preth00nker's exploit (LAN) - http://www.milw0rm.com/exploits/2246 
2Wire Gateways CRLF DoS (from local network) -
http://secunia.com/advisories/21583 
Hakim.Ws - http://www.hakim.ws 
WebVuln - http://www.webvuln.com 



2009-09 - WebVuln - http://www.webvuln.com 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH