Bugtraq mailing list archives
Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 16 Jun 2009 12:42:06 +0200
Am Montag 15 Juni 2009 schrieb Tom Neaves:
Within the "/cgi-bin/" directory of the administrative web interface exists a file called "firmwarecfg". This file is used for firmware upgrades. A HTTP POST request for this file causes the web server to hang. The web server will stop responding to requests and the administrative interface will become inaccessible until the router is physically restarted. While the router will still continue to function at the network level, i.e. it will still respond to ICMP echo requests and issue leases via DHCP, an administrator will no longer be able to interact with the administrative web interface. This attack can be carried out internally within the network, or over the Internet if the administrator has enabled the "Remote Management" feature on the router.
Don't have such a device for tests, but isn't it possible to exploit this remotely through CSRF even without "Remote Management" option? (i.e. put some javascript on a webpage sending a post request to the default ip of the router?) -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher http://tinyurl.com/dceu73 - Internetzensur stoppen! http://schokokeks.org - professional webhosting
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Netgear DG632 Router Remote DoS Vulnerability Tom Neaves (Jun 15)
- Message not available
- Message not available
- Message not available
- Re: Netgear DG632 Router Remote DoS Vulnerability Tom Neaves (Jun 16)
- Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability Vladimir '3APA3A' Dubrovin (Jun 16)
- Message not available
- Message not available
- Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability Hanno Böck (Jun 16)