SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   NETGEAR Router Vendors:   NETGEAR
(Vendor Issues Fix) NETGEAR FVS318 VPN Firewall Can Be Crashed Via the Web Browser Interface
SecurityTracker Alert ID:  1009044
SecurityTracker URL:  http://securitytracker.com/id/1009044
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 14 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): FVS318; firmware V1.2 Nov. 15 2002
Description:   Paul Kurczaba reported a vulnerability in the NETGEAR FVS318 Cable/DSL ProSafe VPN Firewall. A remote user can cause the device to crash and restart.

It is reported that a remote user can connect to the device's web interface and supply a long username and password to cause the device to crash.

A demonstration exploit is provided:

Username: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc

Password: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc

The report indicates that the router will crash and then reboot.

Impact:   A remote user can cause the device to crash and reboot.
Solution:   On July 15, 2003, the vendor issued a fixed version (1.4), available at:

http://kbserver.netgear.com/support_details.asp?dnldID=395

[Editor's note: More recent versions of the firmware are also available.]

Vendor URL:  kbserver.netgear.com/support_details.asp?dnldID=395 (Links to External Site)
Cause:   Exception handling error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 20 2003 NETGEAR FVS318 VPN Firewall Can Be Crashed Via the Web Browser Interface



 Source Message Contents

Subject:  ftp://downloads.netgear.com/files/fvs318_v14_release_notes.pdf


ftp://downloads.netgear.com/files/fvs318_v14_release_notes.pdf

 > NETGEAR FVS318 ProSafe VPN Firewall
 > Release Version 1.4
 > 7/15/2003


 > Modifications and Bug Fixes

 > Fixed: Long login name or password causes router to reboot.


The fix is available at:

http://kbserver.netgear.com/support_details.asp?dnldID=395

[Editor's note:  More recent versions of the firmware are also available.]

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC