2Wire Routers 'password_required.html' Password Reset Security Bypass Vulnerability

Multiple 2Wire routers are prone to a security-bypass vulnerability because they fail to adequately authenticate users before performing certain actions.

Unauthenticated attackers can leverage this issue to change the router's administrative password. Successful attacks will completely compromise affected devices.

This issue may be related to the vulnerability described in BID 36031 (2Wire Routers 'CD35_SETUP_01' Access Validation Vulnerability).

We don't know which models and firmware versions are affected. We will update this BID when more details become available.


Privacy Statement
Copyright 2010, SecurityFocus