Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error.
The software is reportedly prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. The issue is reported to exist in the 'wralogin' authentication form, which is accessed through the HTTPS (SSL) interface.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
All versions of 2Wire HomePortal Series have been reported to be vulnerable to this issue.
<form name="wralogin" method="get">
<input type="hidden" name="authcode" value="MUQmqC/sBiXfslfYEooIJg==">
<input type="password" name="password" value="">
<input type="submit" alt="Submit" width="58" height="19" border="0">
</form>
HomePortal contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker sends a request that the HTTP server does not validate; the server then discloses arbitrary file information, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
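One way to spot requests matching the description above in access logs, as an added example that is not part of the original advisory: it flags requests to wra/public/wralogin whose return parameter contains a ".." path segment, including percent-encoded and double-encoded forms. The function names, the decode limit and the log lines are constructed for illustration, and it assumes a proxy or other device that records the request line in common log format.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

LOGIN_PATH = "/wra/public/wralogin"   # path named in the advisory
MAX_DECODE_ROUNDS = 3                 # assumption: enough to unwrap nested encoding

def has_dotdot(value: str) -> bool:
    """True if any path segment of value is '..' after repeated percent-decoding."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Split on both separators so '..\\' is treated like '../'.
    return ".." in re.split(r"[/\\]", value)

def is_traversal_request(target: str) -> bool:
    """Check a request target (path + query) for '..' in the 'return' parameter."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != LOGIN_PATH:
        return False
    # parse_qs already applies one round of percent-decoding.
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(has_dotdot(v) for v in params.get("return", []))

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_log_lines(lines):
    """Return the log lines whose request matches the advisory's description."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal_request(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines (common log format), not taken from a real device.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wra/public/wralogin?return=/wra/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /wra/public/wralogin?return=../../example.txt HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /wra/public/wralogin?return=%252e%252e%252fexample.txt HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /wra/public/wralogin?return=notes..txt HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in flag_log_lines(SAMPLE_LOG):
        print(hit)
```

The check compares whole path segments, so a value such as `notes..txt` is not flagged while both the plain and the double-encoded `..` forms are.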