The remote management interface on tcp/50001 of various 2WIRE devices suffers from a remote denial of service vulnerability.
ba747caf5b01b98af810e96f4bf91fcd
========================================
2WIRE REMOTE DENIAL OF SERVICE
========================================
Device: 2wire Gateway Router/Modem
Vulnerable Software: < 5.29.52
Vulnerable Models: 1700HG
1701HG
1800HW
2071
2700HG
2701HG-T
Release Date: 2009-09-00
Last Update: 2009-09-00
Critical: Moderately critical
Impact: Denial of service
Remote router reboot
Where: From remote
In the remote management interface
Solution Status: Vendor issued firmware patches
Providers are in charge of applying the patches
WebVuln Advisory: 1-003
BACKGROUND
=======================
The remote management interface of some 2wire modems is enabled by default.
This interface runs over SSL on port 50001 with an untrusted issuer certificate.
++Español
Algunos módems 2wire tienen la interfaz remota habilitada por default.
La interfaz utiliza SSL con un certificado invalido en el puerto 50001.
DESCRIPTION
=======================
Some 2wire modems are vulnerable to a remote denial of service attack.
By requesting a special url from the Remote Management interface, an unathenticated
user can remotely reboot the complete device.
++
Algunos módems 2wire son vulnerables a un ataque de denegación de servicio.
Un usuario no autenticado puede reiniciar el dispositivo enviando una petición a
la interfaz de Administración remota.
EXPLOIT / POC
=======================
https://<remoteIP>:50001/xslt?page=%0d%0a
WORKAROUND
=======================
Disable Remote Management in Firewall -> Advanced Settings.
++
Deshabilitar Administración remota en Cortafuegos -> Configuración avanzada
DISCLOSURE TIMELINE
=======================
2009/09/06 - Vulnerability discovered
2009/09/08 - Vendor contacted
=======================
h k m
hkm@hakim.ws
http://www.hakim.ws
=======================
Greets:
preth00nker, DromoroK, mr.ebola, Javier, d0ct0r_4rz0v1zp0, ch@vez, fito, HL, Xianur0, Pr@fEs0r X, Daemon.
REFERENCES
=======================
Preth00nker's exploit (LAN) - http://www.milw0rm.com/exploits/2246
2Wire Gateways CRLF DoS (from local network) - http://secunia.com/advisories/21583
Hakim.Ws - http://www.hakim.ws
WebVuln - http://www.webvuln.com
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!