CVE-2004-2549

Nortel WLAN Access Point 2220, 2221, 2225 - Denial of Service via TCP Request with Large String and Newlines

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-2549. PoCs published by Alex Hernandez, alt3kx.

AI-analyzed exploit summary: This exploit sends a large buffer (2024 bytes of 'A' followed by 8 newlines) to a specified host and port, causing a denial of service in Nortel Wireless LAN Access Point 2200 series appliances by crashing the Access Point Appliance Operating service.

Description

Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Alex Hernandez · cdoshardware
https://www.exploit-db.com/exploits/23786

This exploit sends a large buffer (2024 bytes of 'A' followed by 8 newlines) to a specified host and port, causing a denial of service in Nortel Wireless LAN Access Point 2200 series appliances by crashing the Access Point Appliance Operating service.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Nortel Wireless LAN Access Point 2200 series
No auth needed
Prerequisites: Network access to the target device · Target device must be running a vulnerable version of the Nortel Wireless LAN Access Point 2200 series firmware
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by alt3kx · poc
https://github.com/alt3kx/CVE-2004-2549

The repository contains only a README with minimal information about CVE-2004-2549, referencing an Exploit-DB entry but lacking any exploit code or technical details.

Classification: Stub 90%
Attack Type: DoS
Complexity: Theoretical
Reliability: Theoretical
Target: Nortel Wireless LAN Access Point 2200 Series
No auth needed
devstral-2 · analyzed Feb 19, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009294
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9787
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15373
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-03/0055.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4128
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11034

Scores

EPSS 0.1047
EPSS Percentile 95.2%

Details

Status published
Products (3)
nortel/wlan_access_point_2220
nortel/wlan_access_point_2221
nortel/wlan_access_point_2225
Published Dec 31, 2004
Tracked Since Feb 18, 2026