CVE-2009-3962

2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, 2701HG-T - Denial of Service via %0d%0a Sequence in Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3962. PoCs published by preth00nker.

AI-analyzed exploit summary This PoC exploits a DoS vulnerability in 2Wire gateways by sending a malformed HTTP request with a crafted query string, causing the modem to reset. The exploit constructs a malicious GET request and sends it to the target device.

Description

The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523.

Exploits (1)

exploitdb WORKING POC VERIFIED

by preth00nker · c++doshardware

https://www.exploit-db.com/exploits/2246

View Code ZIP pw:eip

This PoC exploits a DoS vulnerability in 2Wire gateways by sending a malformed HTTP request with a crafted query string, causing the modem to reset. The exploit constructs a malicious GET request and sends it to the target device.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: 2Wire OfficePortal and HomePortal series (various models)

No auth needed

Prerequisites: Network access to the target device · Target device must be a vulnerable 2Wire gateway

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/507587/100/0/threaded

Exploit x_refsource_misc

http://webvuln.com/advisories/2wire.remote.denial.of.service.txt

Exploit vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1023116

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3110

Scores

EPSS 0.0625

EPSS Percentile 91.1%

Details

CWE

CWE-20

Status published

Products (6)

2wire/1700hg

2wire/1701hg

2wire/1800hw

2wire/2071

2wire/2700hg

2wire/2701hg-t

Published Nov 17, 2009

Tracked Since Feb 18, 2026