SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   NETGEAR Router
Vendors:   NETGEAR
NETGEAR RP-114 Cable/DSL Router Can Be Locked Up By Remote Users Conducting Port Scans
SecurityTracker Alert ID:  1003229
SecurityTracker URL:  http://securitytracker.com/id/1003229
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 15 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): RP-114 router; firmware version 3.26
Description:   A denial of service vulnerability was reported in the NETGEAR RP-114 Cable/DSL router. A remote user can cause the router to lock up.

According to the report, a remote user can lock up the router by port scanning its WAN interface with nmap. This has apparently been demonstrated when the router is configured for network address translation (NAT) and port filtering to block all ports below 1024.

While the scan is being conducted, no traffic will be processed by the WAN port, according to the report.

Impact:   A remote user can cause the router to temporarily lock up.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=93
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  Vulnerability Netgear RP-114 Router - nmap causes DOS


BugTraq,

This has been submitted to CERT as well. Here is the form I sent to them:

CONTACT INFORMATION
===============================================================================
Let us know who you are:

 Name			: Omkhar Arasaratnam
 E-mail			: omkhar@ca.ibm.com
 Phone / fax		: 416.991.1301/416.383.3316
 Affiliation and address: IBM Canada Ltd.


Have you reported this to the vendor?  yes

        If so, please let us know whom you've contacted:

	Date of your report	: 12/26/2001
	Vendor contact name	: Paul Marino
	Vendor contact phone	: 408-907-8085
	Vendor contact e-mail	: paul.marino@netgear.com
	Vendor reference number	: 20485470


        If not, we encourage you to do so--vendors need to hear about
	vulnerabilities from you as a customer.


POLICY INFO
===============================================================================
We encourage communication between vendors and their customers.  When
we forward a report to the vendor, we include the reporter's name and
contact information unless you let us know otherwise.

If you want this report to remain anonymous, please check here:

	___ Do not release my identity to your vendor contact.


TECHNICAL INFO
===============================================================================
If there is a CERT Vulnerability tracking number please put it
here (otherwise leave blank): VU#______.


Please describe the vulnerability.
---------------------------------
This vulnerability is in regards to the Netgear RP114 router/NAT. This is a
simple solution that allows home users to share their cable modem / DSL
connection. One of the features of this NAT is port filtering. If the router
is told to drop all packets < 1024, and the WAN port is port scanned, the
router will lock. This has been demonstrated on several occasions to Netgear
engineering using nmap.

What is the impact of this vulnerability?
----------------------------------------
For the duration of the scan, no inbound/outbound traffic through the WAN
port.

To your knowledge is the vulnerability currently being exploited?
----------------------------------------------------------------
	no

If there is an exploitation script available, please include it here.
--------------------------------------------------------------------
n/a

Do you know what systems and/or configurations are vulnerable?
-------------------------------------------------------------
Any customer who has this router attached to a cable modem / DSL modem in a
similar configuration.

	System		: RP-114
	OS version	: 3.26 (firmware)
	Verified/Guessed: Verified, may also happen without port filtering configured.

Are you aware of any workarounds and/or fixes for this vulnerability?
--------------------------------------------------------------------
no

OTHER INFORMATION
===========================================================================
Is there anything else you would like to tell us?

Netgear support has not been very co-operative thus far.

 
 



Copyright 2019, SecurityGlobal.net LLC