(Vendor Issues Fix) NETGEAR FVS318 VPN Firewall Can Be Crashed Via the Web Browser Interface
SecurityTracker Alert ID: 1009044
SecurityTracker URL: http://securitytracker.com/id/1009044
CVE Reference:
GENERIC-MAP-NOMATCH
Date: Feb 14 2004
Impact:
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): FVS318; firmware V1.2 Nov. 15 2002
Description:
Paul Kurczaba reported a vulnerability in the NETGEAR FVS318 Cable/DSL ProSafe VPN Firewall. A remote user can cause the device to crash and restart.
It is reported that a remote user can connect to the device's web interface and supply a long username and password to cause the device to crash.
A demonstration exploit is provided:
Username: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc
Password: 7097097230984720938472839ujsksodpckf0we9okzxck90zxcpzxc
The report indicates that the router will crash and then reboot.
Impact:
A remote user can cause the device to crash and reboot.
Solution:
On July 15, 2003, the vendor issued a fixed version (1.4), available at:
http://kbserver.netgear.com/support_details.asp?dnldID=395
[Editor's note: More recent versions of the firmware are also available.]
Vendor URL: kbserver.netgear.com/support_details.asp?dnldID=395
Cause:
Exception handling error
Underlying OS:
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Fri, 13 Feb 2004 23:25:36 -0500
Subject: ftp://downloads.netgear.com/files/fvs318_v14_release_notes.pdf
ftp://downloads.netgear.com/files/fvs318_v14_release_notes.pdf
> NETGEAR FVS318 ProSafe VPN Firewall
> Release Version 1.4
> 7/15/2003
> Modifications and Bug Fixes
> Fixed: Long login name or password causes router to reboot.
The fix is available at:
http://kbserver.netgear.com/support_details.asp?dnldID=395
[Editor's note: More recent versions of the firmware are also available.]