Nortel Wireless LAN Access Point 2200 administrative Telnet service denial of service
| nortel-accesspoint-telnet-dos (15373) |  Medium Risk |
Description:
Nortel Wireless LAN Access Point 2200 series are vulnerable to a denial of service attack. By sending a specially-crafted request to the administrative Telnet service listening on port 23, a remote attacker can cause the service to crash, which would cause the device to stop processing new requests from legitimate users.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- Full-Disclosure Mailing List, Mon Mar 01 2004 - 21:05:05 CST: Nortel Networks Wireless LAN Access Point 2200 DoS + PoC .
- SecuriTeam Mailing List, Security Holes & Exploits 10 Mar 2004: Nortel Networks Wireless LAN Access Point 2200 DoS.
- BID-9787: Nortel Wireless LAN Access Point 2200 Series Denial Of Service Vulnerability
- CVE-2004-2549: Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
- OSVDB ID: 4128: Nortel WLAN Access Point 2200 DoS
- SA11034: Nortel WLAN Access Point 2200 Denial of Service
- SECTRACK ID: 1009294: Nortel Wireless LAN Access Point 2200 Admin Port Can Be Crashed By Remote Users
Platforms Affected:
- Nortel WLAN Access Point 2200
Reported:
Mar 01, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net