首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Netgear DG632 Router Remote Denial of Service Vulnerability
来源:vfocus.net 作者:vfocus 发布时间:2009-06-17  
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: tom@tomneaves.co.uk < tom@tomneaves.co.uk >
Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009

I. DESCRIPTION

The Netgear DG632 router has a web interface which runs on port 80.  This
allows an admin to login and administer the device's settings.  However,
a Denial of Service (DoS) vulnerability exists that causes the web interface
to crash and stop responding to further requests.

II. DETAILS

Within the "/cgi-bin/" directory of the administrative web interface exists a
file called "firmwarecfg".  This file is used for firmware upgrades.  A HTTP POST
request for this file causes the web server to hang.  The web server will stop
responding to requests and the administrative interface will become inaccessible
until the router is physically restarted.

While the router will still continue to function at the network level, i.e. it will
still respond to ICMP echo requests and issue leases via DHCP, an administrator will
no longer be able to interact with the administrative web interface.

This attack can be carried out internally within the network, or over the Internet
if the administrator has enabled the "Remote Management" feature on the router.

Affected Versions: Firmware V3.4.0_ap (others unknown)

III. VENDOR RESPONSE

12 June, 2009 - Contacted vendor.
15 June, 2009 - Vendor responded.  Stated the DG632 is an end of life product and is no
longer supported in a production and development sense, as such, there will be no further
firmware releases to resolve this issue.

IV. CREDIT

Discovered by Tom Neaves

# [2009-06-15]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Netgear DG632 Router Authentic
·vBulletin Radio and TV Player
·phpCollegeExchange 0.1.5c (lis
·phportal v1 (topicler.php id)
·WordPress Plugin Photoracer 1.
·The Recipe Script 5 Remote XSS
·Apple QuickTime CRGN Atom Loca
·Joomla Component com_jumi (fil
·Joomla Component com_ijoomla_r
·Green Dam 3.17 URL Processing
·TorrentTrader Classic 1.09 Mul
·McAfee 3.6.0.608 naPolicyManag
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved