SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   AirStation
Vendors:   Buffalo Technology/MELCO Inc.
(Vendor Issues Fix) Re: Buffalo Technology AirStation Wireless Access Point Can Be Crashed By Remote Users Conducting Port Scans
SecurityTracker Alert ID:  1005741
SecurityTracker URL:  http://securitytracker.com/id/1005741
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 3 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): WLA-L11G Ver.2.31; Firmware WLI-PCM-L11G Ver.6.14
Description:   A denial of service vulnerability was reported in the AirStation wireless access point from Buffalo Technology. A remote user can cause the device to crash and restart.

Arhont Ltd. reported that a remote user can conduct a port scan against the web port to cause the access point device to restart. A demonstration exploit using the 'nmap' port scanning tool in protocol detection mode is provided:

$ nmap -sVVV -p 80 [target_host_IP]

According to the report, a remote user can also connect to the web port using telnet (or a similar utility) and send the unquoted strings "GET / HTTP/1.0" or "get " to cause the device to restart.

The vendor has reportedly been notified.

Impact:   A remote user can cause the device to restart.
Solution:   SecureNet Service issued an advisory noting that the vendor, MELCO Inc., has released a fix. (MELCO Inc. is the parent company of Buffalo Technologies.) For the SNS advisory, see:

http://www.lac.co.jp/security/english/snsadv_e/59_e.html

The vendor has issued fixed firmware (1.41.180 beta3 or later) for the WLAR-L11G-L:

http://buffalo.melcoinc.co.jp/download/driver/lan/wlar-l11-l.html#2
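
One way to check an access point inventory against the fixed firmware level named above, as an added example that is not part of the advisory or any vendor tooling. The version string format, the rule that a final release sorts after a beta of the same number, the hostnames and the status labels are assumptions; the sample inventory is constructed.

```python
import re

# Fix level and model as stated in the advisory.
FIXED = "1.41.180 beta3"
MODEL = "WLAR-L11G-L"

# Assumed format: optional "Ver." prefix, dotted numbers, optional "betaN".
_VER = re.compile(r"^\s*(?:Ver\.?\s*)?(\d+(?:\.\d+)*)\s*(?:beta\s*(\d+))?\s*$", re.I)

def parse_version(text):
    """Return a sortable key: (numeric parts, is_release, beta number)."""
    m = _VER.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:   # treat 1.42.0 the same as 1.42
        nums.pop()
    beta = m.group(2)
    # Assumption: a final release sorts after any beta of the same number.
    return (tuple(nums), 1, 0) if beta is None else (tuple(nums), 0, int(beta))

def audit(inventory):
    """Map each host to 'fixed', 'below-fix' or 'review' (manual check)."""
    fixed_key = parse_version(FIXED)
    result = {}
    for host, model, version in inventory:
        if model.upper() != MODEL:
            result[host] = "review"   # the fix level is given for WLAR-L11G-L only
            continue
        try:
            at_or_above = parse_version(version) >= fixed_key
        except ValueError:
            result[host] = "review"   # unparseable string: do not guess
            continue
        result[host] = "fixed" if at_or_above else "below-fix"
    return result

# Constructed sample inventory: (host, model, reported firmware version).
SAMPLE = [
    ("ap-lobby", "WLAR-L11G-L", "1.41.180 beta3"),
    ("ap-floor2", "WLAR-L11G-L", "Ver.1.41.180 beta2"),
    ("ap-floor3", "WLAR-L11G-L", "1.41.180"),
    ("ap-lab", "WLAR-L11G-L", "1.40"),
    ("ap-annex", "WLA-L11G", "2.31"),
    ("ap-store", "WLAR-L11G-L", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Devices reported as "review" are models for which this page gives no fix level, or version strings the parser does not recognise; they need a manual check against the vendor download page.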

Vendor URL:  www.buffalotech.com/wireless/products/index.php
Cause:   Exception handling error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Nov 16 2002 Buffalo Technology AirStation Wireless Access Point Can Be Crashed By Remote Users Conducting Port Scans



 Source Message Contents

Date:  Tue, 03 Dec 2002 00:13:04 -0500
Subject:  SNS-LAC Advisory: Buffalo WLAN


http://www.lac.co.jp/security/english/snsadv_e/59_e.html

SNS released advisory No.59, warning of a denial of service vulnerability in the Buffalo
AirStation.  (MELCO Inc. is the parent company of Buffalo Technologies.)

A remote user can send the following type of request to the access point's HTTP server to
cause the system to reboot:

"GET / HTTP/1.0"

A remote user can send this request repeatedly to deny service to the access point's
users.

SNS notes that this flaw was discovered (by SNS) on August 9, 2002, predating a public
report of the same vulnerability by another user in November 2002.  SNS also notes that
the vendor has released a fix and confirms that the vulnerability can be corrected by
updating the firmware to Ver 1.41.180 beta3 or later:

http://buffalo.melcoinc.co.jp/download/driver/lan/wlar-l11-l.html#2


For information on the WLAR-L11G-L, see:

http://www.airstation.com/english/products/wlar-l11-l.html



 
 



Copyright 2012, SecurityGlobal.net LLC