Description
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
Affected products
- 2wire_inc / homeportal
- 2wire_inc / homeportal100s – 100s
- 2wire_inc / homeportal100w – 100w
- 2wire_inc / homeportal1000 – 1000
- 2wire_inc / homeportal1000s – 1000s
- 2wire_inc / homeportal1000sw – 1000sw
- 2wire_inc / homeportal1000w – 1000w
- 2wire_inc / homeportal1500w – 1500w
- 2wire_inc / officeportal
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/28578
- VENDOR_ADVISORYhttp://secunia.com/advisories/21583
- MISChttp://www.securityfocus.com/archive/1/443906/100/100/threaded
- EXPLOIThttps://www.exploit-db.com/exploits/2246
- MISChttp://securityreason.com/securityalert/1489
- MISChttp://www.mexhackteam.org/prethoonker/DoS_ADV_2Wire.txt
- MISChttp://www.securityfocus.com/bid/19634