CVE-2004-2549

Name of the Vulnerable Software and Affected Versions Nortel Wireless LAN (WLAN) Access Point (AP) versions 2220, 2221, and 2225

Description The issue allows remote attackers to cause a denial of service, resulting in a service crash. This can be achieved by sending a TCP request with a large string, followed by 8 newline characters, to specific services. The affected services include the Telnet service on TCP port 23 and the HTTP service on TCP port 80. The cause of the issue might be related to a buffer overflow.

Recommendations For versions 2220, 2221, and 2225, consider restricting access to the Telnet service on TCP port 23 and the HTTP service on TCP port 80 to minimize the risk of exploitation. As a temporary workaround, consider disabling the Telnet and HTTP services until a patch is available. Avoid sending large strings followed by newline characters to the affected services until the issue is resolved.