Government Security
Network Security Resources

Jump to content

Photo

2Wire Remote Denial Of Service

exploit router vulnerability advanced advisory firewall denial of service patch disclosure
  • Please log in to reply
No replies to this topic

#1 qcred11

qcred11

    First Sergeant

  • Members
  • 2,544 posts

Posted 09 November 2009 - 11:45 PM


======================================== 

              2WIRE REMOTE DENIAL OF SERVICE 

        ======================================== 





Device:      2wire Gateway Router/Modem 

Vulnerable Software:   =< 5.29.52 

Vulnerable Models:   1700HG 

        1701HG 

        1800HW 

        2071 

        2700HG 

        2701HG-T 

Release Date:    2009-10-29 

Last Update:    2009-09 

Critical:    Moderately critical 

Impact:    Denial of service 

     Remote router reboot 

Where:      From remote 

     In the remote management interface 

Solution Status:   Vendor issued firmware patches 

        Providers are in charge of applying the patches 

WebVuln Advisory:   1-003 





 BACKGROUND 

======================= 



The remote management interface of some 2wire modems is enabled by 

default. 

This interface runs over SSL on port 50001 with an untrusted issuer 

certificate. 



++Espanol 

Algunos modems 2wire tienen la interfaz remota habilitada por default. 

La interfaz utiliza SSL con un certificado invalido en el puerto 50001. 





  DESCRIPTION 

======================= 



Some 2wire modems are vulnerable to a remote denial of service attack. 

By requesting a special url from the Remote Management interface, an 

unathenticated 

user can remotely reboot the complete device. 



++ 

Algunos modems 2wire son vulnerables a un ataque de denegacion de 

servicio. 

Un usuario no autenticado puede reiniciar el dispositivo enviando una 

peticion a 

la interfaz de Administracion remota. 





 EXPLOIT / POC 

======================= 



https://<remoteIP>:50001/xslt?page=%0d%0a 





 WORKAROUND 

======================= 



Disable Remote Management in Firewall -> Advanced Settings. 



++ 

Deshabilitar Administracion remota en Cortafuegos -> Configuracion 

avanzada 





  DISCLOSURE TIMELINE 

======================= 



2009/09/06 - Vulnerability discovered 

2009/09/08 - Vendor contacted 





                 ======================= 



                          h k m 

                       hkm@hakim.ws 









Also tagged with one or more of these keywords: exploit, router, vulnerability, advanced, advisory, firewall, denial of service, patch, disclosure