Vulnerability Netgear RP-114 Router - nmap causes DOS

["Omkhar Arasaratnam" <omkhar () rogers com>]

BugTraq,

This has been submitted to CERT as well. Here is the form I sent to them:

CONTACT INFORMATION
============================================================================
===
Let us know who you are:

 Name                   : Omkhar Arasaratnam
 E-mail                 : omkhar () ca ibm com
 Phone / fax            : 416.991.1301/416.383.3316
 Affiliation and address: IBM Canada Ltd.


Have you reported this to the vendor?  yes

        If so, please let us know whom you've contacted:

        Date of your report     : 12/26/2001
        Vendor contact name     : Paul Marino
        Vendor contact phone    : 408-907-8085
        Vendor contact e-mail   : paul.marino () netgear com
        Vendor reference number : 20485470


        If not, we encourage you to do so--vendors need to hear about
        vulnerabilities from you as a customer.


POLICY INFO
============================================================================
===
We encourage communication between vendors and their customers.  When
we forward a report to the vendor, we include the reporter's name and
contact information unless you let us know otherwise.

If you want this report to remain anonymous, please check here:

        ___ Do not release my identity to your vendor contact.


TECHNICAL INFO
============================================================================
===
If there is a CERT Vulnerability tracking number please put it
here (otherwise leave blank): VU#______.


Please describe the vulnerability.
---------------------------------
This vulnerability is in regards to the Netgear RP114 router/NAT. This is a
simple solution that allows home users to share their cable modem / DSL
connection. One of the features of this NAT is port filtering. If the router
is told to drop all packets < 1024, and the WAN port is port scanned, the
router will lock. This has been demonstrated on several occasions to Netgear
engineering using nmap.

What is the impact of this vulnerability?
----------------------------------------
For the duration of the scan, no inbound/outbound traffic through the WAN
port.

To your knowledge is the vulnerability currently being exploited?
----------------------------------------------------------------
        no

If there is an exploitation script available, please include it here.
--------------------------------------------------------------------
n/a

Do you know what systems and/or configurations are vulnerable?
-------------------------------------------------------------
Any customer who has this router attached to a cable modem / DSL modem in a
similar configuration.

        System          : RP-114
        OS version      : 3.26 (firmware)
        Verified/Guessed: Verified, may also happen without port filtering
configured.

Are you aware of any workarounds and/or fixes for this vulnerability?
--------------------------------------------------------------------
no

OTHER INFORMATION
===========================================================================
Is there anything else you would like to tell us?

Netgear support has not been very co-operative thus far.