CVE-2004-2749

Description

Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error.

Affected products

• 2wire / homeportal100s – 100s
• 2wire / homeportal100w – 100w
• 2wire / homeportal1000 – 1000
• 2wire / homeportal1000s – 1000s
• 2wire / homeportal1000sw – 1000sw
• 2wire / homeportal1000w – 1000w
• 2wire / homeportal1500w – 1500w

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/14894
• VENDOR_ADVISORYhttp://secunia.com/advisories/10666
• MISChttp://www.securityfocus.com/bid/9463
• MISChttp://www.osvdb.org/3683
• MISChttp://securitytracker.com/id?1008798
• MISChttp://archives.neohapsis.com/archives/bugtraq/2004-01/0179.html