2Wire Remote Denial of Service
The remote management interface on tcp/50001 of various 2Wire devices suffer from a remote denial of service vulnerability.
CVSS Score
Severity
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Advisory
| Device | 2Wire Gateway Router / Modem |
| Vulnerable Versions | < 5.29.52 |
| Vulnerable Models | 1700HG, 1701HG, 1800HW, 2071, 2700HG, 2701HG-T |
| Impact | Unauthenticated remote reboot |
| Location | Remote management interface, tcp/50001 |
| Websec Advisory | WS103 |
Background
Some 2Wire modems enable the remote management interface by default. The interface listens on tcp/50001 over SSL, with an untrusted issuer certificate.
Description
Requesting a specially formed URL against the remote management interface reboots the device. No authentication is required, so any internet client that can reach tcp/50001 can trigger the reboot.
Exploit / Proof of Concept
https://<device-ip>:50001/xslt?page=%0d%0aWorkaround
Disable Remote Management under Firewall → Advanced Settings on the device web UI. Vendor firmware 5.29.52 or later addresses the underlying issue; providers are responsible for rolling out the patch.
Remediation
Apply vendor firmware 5.29.52 or later. ISPs control patch rollout for provider-managed devices.