


Category:   Device (Router/Bridge/Hub)  >   NETGEAR Router
Vendors:   NETGEAR
NETGEAR RP-114 Cable/DSL Router Can Be Locked Up By Remote Users Conducting Port Scans
SecurityTracker Alert ID:  1003229
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 15 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): RP-114 router; firmware version 3.26
Description:   A denial of service vulnerability was reported in the NETGEAR RP-114 Cable/DSL router. A remote user can cause the router to lock up.

It is reported that a remote user can conduct a port scan using nmap on the WAN interface of the router to cause the router to lock up. This has apparently been demonstrated when the router is configured for network address translation [NAT] and port filtering to block all ports below 1024.

While the scan is being conducted, no traffic will be processed by the WAN port, according to the report.

Impact:   A remote user can cause the router to temporarily lock up.
Solution:   No solution was available at the time of this entry.
Cause:   Exception handling error

Message History:   None.
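
To check whether WAN outages on an affected router coincide with port scans, as the description above reports, the following added example (not part of the original advisory or the reporter's message) finds scan bursts against ports below 1024 in connection records and counts failed reachability probes inside each burst. The record format, thresholds, function names and sample data are assumptions constructed for illustration; the connection records are assumed to come from a capture point upstream of the router.

```python
from collections import defaultdict

# Constructed sample data, not taken from the advisory.
# (epoch_seconds, source_ip, destination_port) seen at an upstream capture point.
WAN_EVENTS = [(1000 + (p - 1) // 10, "203.0.113.7", p) for p in range(1, 61)]
WAN_EVENTS += [(900, "198.51.100.20", 80), (1200, "198.51.100.20", 443)]
# (epoch_seconds, reply_received) from a LAN host probing an external address.
PROBES = [(t, not 1000 <= t <= 1005) for t in range(990, 1016, 2)]


def scan_windows(events, min_ports=20, max_gap=5, port_limit=1024):
    """Find bursts where one source touches >= min_ports distinct ports
    below port_limit, with no more than max_gap seconds between hits."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        if port < port_limit:
            by_src[src].append((ts, port))
    windows = []
    for src, hits in by_src.items():
        hits.sort()
        start = prev = hits[0][0]
        ports = set()
        for ts, port in hits:
            if ts - prev > max_gap:  # burst ended; keep it if wide enough
                if len(ports) >= min_ports:
                    windows.append((src, start, prev, len(ports)))
                start, ports = ts, set()
            ports.add(port)
            prev = ts
        if len(ports) >= min_ports:
            windows.append((src, start, prev, len(ports)))
    return sorted(windows, key=lambda w: w[1])


def outages_during(windows, probes, slack=2):
    """Count failed reachability probes inside each scan window (+/- slack s)."""
    report = []
    for src, start, end, nports in windows:
        inside = [ok for ts, ok in probes if start - slack <= ts <= end + slack]
        report.append({"src": src, "start": start, "end": end, "ports": nports,
                       "probes": len(inside), "failed": inside.count(False)})
    return report


if __name__ == "__main__":
    for row in outages_during(scan_windows(WAN_EVENTS), PROBES):
        print(row)
```

A window in which most probes fail is consistent with the reported behaviour; a window with no failed probes suggests the device or firmware in use is not affected in that configuration.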

 Source Message Contents

Subject:  Vulnerability Netgear RP-114 Router - nmap causes DOS


This has been submitted to CERT as well. Here is the form I sent to them:

Let us know who you are:

 Name			: Omkhar Arasaratnam
 E-mail			:
 Phone / fax		: 416.991.1301/416.383.3316
 Affiliation and address: IBM Canada Ltd.

Have you reported this to the vendor?  yes

        If so, please let us know whom you've contacted:

	Date of your report	: 12/26/2001
	Vendor contact name	: Paul Marino
	Vendor contact phone	: 408-907-8085
	Vendor contact e-mail	:
	Vendor reference number	: 20485470

        If not, we encourage you to do so--vendors need to hear about
	vulnerabilities from you as a customer.

We encourage communication between vendors and their customers.  When
we forward a report to the vendor, we include the reporter's name and
contact information unless you let us know otherwise.

If you want this report to remain anonymous, please check here:

	___ Do not release my identity to your vendor contact.

If there is a CERT Vulnerability tracking number please put it
here (otherwise leave blank): VU#______.

Please describe the vulnerability.
This vulnerability is in regards to the Netgear RP114 router/NAT. This is a
simple solution that allows home users to share their cable modem / DSL
connection. One of the features of this NAT is port filtering. If the router
is told to drop all packets < 1024, and the WAN port is port scanned, the
router will lock. This has been demonstrated on several occasions to Netgear
engineering using nmap.

What is the impact of this vulnerability?
For the duration of the scan, no inbound/outbound traffic through the WAN

To your knowledge is the vulnerability currently being exploited?

If there is an exploitation script available, please include it here.

Do you know what systems and/or configurations are vulnerable?
Any customer who has this router attached to a cable modem / DSL modem in a
similar configuration.

	System		: RP-114
	OS version	: 3.26 (firmware)
	Verified/Guessed: Verified, may also happen without port filtering

Are you aware of any workarounds and/or fixes for this vulnerability?

Is there anything else you would like to tell us?

Netgear support has not been very co-operative thus far.

