Category:   Device (Router/Bridge/Hub)  >   NETGEAR Router Vendors:   NETGEAR
NETGEAR DG632 Router Web Interface Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1022403
SecurityTracker URL:
CVE Reference:   CVE-2009-2256
Updated:  Jul 1 2009
Original Entry Date:  Jun 16 2009
Impact:   Denial of service via network

Version(s): DG632; firmware version 3.4.0_ap
Description:   A vulnerability was reported in the NETGEAR DG632 Router. A remote user can cause denial of service conditions.

A remote user on the local network can send a specially crafted HTTP POST request for '/cgi-bin/firmwarecfg' to cause the target web management service to stop responding. A power reset is required to return the service to normal operation.

A remote user on the WAN interface can exploit this flaw if Remote Management is enabled.

The vendor was notified on June 12, 2009.

Tom Neaves reported this vulnerability.

Impact:   A remote user can cause denial of service conditions on the target web service.
Solution:   No solution was available at the time of this entry.

[Editor's note: The vendor has noted that the vulnerable product has reached end of life.]

Vendor URL:
Cause:   Exception handling error

Message History:   None.

Source Message Contents

Subject:  Netgear DG632 Router Remote DoS Vulnerability

Product Name: Netgear DG632 Router
Date: 15 June, 2009
Author: <>
Original URL:
Discovered: 18 November, 2006
Disclosed: 15 June, 2009


The Netgear DG632 router has a web interface which runs on port 80.  This
allows an admin to login and administer the device's settings.  However,
a Denial of Service (DoS) vulnerability exists that causes the web interface
to crash and stop responding to further requests.


Within the "/cgi-bin/" directory of the administrative web interface exists a
file called "firmwarecfg".  This file is used for firmware upgrades.  An HTTP
request for this file causes the web server to hang.  The web server will stop
responding to requests and the administrative interface will become unavailable
until the router is physically restarted.

While the router will still continue to function at the network level, i.e. it
will still respond to ICMP echo requests and issue leases via DHCP, an
administrator will no longer be able to interact with the administrative web
interface.

This attack can be carried out internally within the network, or over the WAN
if the administrator has enabled the "Remote Management" feature on the router.

Affected Versions: Firmware V3.4.0_ap (others unknown)


12 June, 2009 - Contacted vendor.
15 June, 2009 - Vendor responded.  Stated the DG632 is an end of life product
and is no longer supported in a production and development sense, as such,
there will be no further firmware releases to resolve this issue.


Discovered by Tom Neaves 

