SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Device (Router/Bridge/Hub)  >   NETGEAR Router Vendors:   NETGEAR
NETGEAR FVS318 VPN Firewall Can Be Crashed Via the Web Browser Interface
SecurityTracker Alert ID:  1006337
SecurityTracker URL:  http://securitytracker.com/id/1006337
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Feb 14 2004
Original Entry Date:  Mar 20 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): FVS318; firmware V1.2 Nov. 15 2002
Description:   Paul Kurczaba reported a vulnerability in the NETGEAR FVS318 Cable/DSL ProSafe VPN Firewall. A remote user can cause the device to crash and restart.

It is reported that a remote user can connect to the device's web interface and supply a long username and password to cause the device to crash.

A demonstration exploit is provided:

Username: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc

Password: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc

The report indicates that the router will crash and then reboot.
Impact:   A remote user can cause the device to crash and reboot.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.netgear.com/products/prod_details.asp?prodID=129 (Links to External Site)
Cause:   Exception handling error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 14 2004 (Vendor Issues Fix) NETGEAR FVS318 VPN Firewall Can Be Crashed Via the Web Browser Interface
The vendor has issued a firmware fix.


 Source Message Contents
Date:  Wed, 19 Mar 2003 20:43:00 -0500
Subject:  Vulnerability in Netgear FVS318




Summary
----------------------------------
It is possible to crash a Netgear FVS318 Router through the web browser interface. The web browser
interface is available on the Local Network and from the Internet.



Affected Systems
----------------------------------
Netgear FVS318 Router



Description
----------------------------------
By using a web browser, it is possible to crash a Netgear FVS318 router. To crash the router, go to
http://192.168.2.1 (this is the default IP). When the login screen appears, type the following:

Username: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc

Password: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc

The long username and password strings will crash the router. It will then reboot itself. Internet
connectivity will be lost while the router is rebooting.


Workaround
----------------------------------
I have not found a way to fix this problem.



Contact Info
----------------------------------
You can contact me at pkurczaba@att.net


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC