NetGear DG632 Router Web Management Interface Denial-of-Service Vulnerability

Vulnerability ID: 1117962
Vulnerability type: Input validation
Published: 2009-06-15
Updated: 2009-06-30
CVE ID: CVE-2009-2256
CNNVD-ID: CNNVD-200906-453
Platform: Hardware
CVSS score: 7.8
|Vulnerability source
https://www.exploit-db.com/exploits/8964
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-453
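|Vulnerability details
The NetGear DG632 is an older home ADSL router from the US company NetGear. The web management interface of the NetGear DG632 router has a denial-of-service vulnerability: a remote attacker can cause a denial of service by sending an HTTP POST request to cgi-bin/firmwarecfg.
|Vulnerability exploit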
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: tom@tomneaves.co.uk < tom@tomneaves.co.uk >
Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009

I. DESCRIPTION

The Netgear DG632 router has a web interface which runs on port 80.  This
allows an admin to login and administer the device's settings.  However,
a Denial of Service (DoS) vulnerability exists that causes the web interface
to crash and stop responding to further requests.

II. DETAILS

Within the "/cgi-bin/" directory of the administrative web interface exists a
file called "firmwarecfg".  This file is used for firmware upgrades.  An HTTP POST
request for this file causes the web server to hang.  The web server will stop
responding to requests and the administrative interface will become inaccessible
until the router is physically restarted.

While the router will still continue to function at the network level, i.e. it will
still respond to ICMP echo requests and issue leases via DHCP, an administrator will
no longer be able to interact with the administrative web interface.

This attack can be carried out internally within the network, or over the Internet
if the administrator has enabled the "Remote Management" feature on the router.

Affected Versions: Firmware V3.4.0_ap (others unknown)

III. VENDOR RESPONSE

12 June, 2009 - Contacted vendor.
15 June, 2009 - Vendor responded.  Stated the DG632 is an end of life product and is no
longer supported in a production and development sense, as such, there will be no further
firmware releases to resolve this issue.

IV. CREDIT

Discovered by Tom Neaves

# milw0rm.com [2009-06-15]
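
The advisory states that no firmware fix will be released, so the request itself is worth watching for. The following is an added example, not part of the advisory or the original page: it scans HTTP access logs for POST requests to the path the advisory names and labels each source as internal or external. The Common Log Format input, the `192.168.0.0/24` LAN range, the sample lines and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

TARGET_PATH = "/cgi-bin/firmwarecfg"              # path named in the advisory
LAN = ipaddress.ip_network("192.168.0.0/24")      # assumed LAN range

# Common Log Format prefix: client ident user [time] "METHOD target ..."
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*"')


def normalize_path(target):
    """Reduce a request target to a comparable path (over-matching on purpose)."""
    target = re.sub(r"^https?://[^/]+", "", target, flags=re.I)  # absolute-form
    path = unquote(target.split("?", 1)[0])   # drop query, decode %xx
    path = re.sub(r"/{2,}", "/", path)        # collapse duplicate slashes
    return path.rstrip("/").lower()


def find_firmwarecfg_posts(lines):
    """Return (timestamp, client, origin) for every POST to TARGET_PATH."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                          # not a parsable access-log line
        client, when, method, target = m.groups()
        if method != "POST" or normalize_path(target) != TARGET_PATH:
            continue
        try:
            inside = ipaddress.ip_address(client) in LAN
            origin = "internal" if inside else "external"
        except ValueError:                    # hostname instead of an address
            origin = "unknown"
        hits.append((when, client, origin))
    return hits


# Constructed sample lines, not taken from a real device or capture.
SAMPLE_LOG = [
    '192.168.0.5 - - [15/Jun/2009:10:01:02 +0000] "GET /cgi-bin/firmwarecfg HTTP/1.1" 200 512',
    '192.168.0.9 - - [15/Jun/2009:10:02:00 +0000] "POST /cgi-bin/firmwarecfg HTTP/1.1" 200 0',
    '203.0.113.7 - - [15/Jun/2009:10:03:10 +0000] "POST /cgi-bin//%66irmwarecfg?x=1 HTTP/1.0" - -',
    '192.168.0.5 - - [15/Jun/2009:10:04:00 +0000] "POST /index.html HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in find_firmwarecfg_posts(SAMPLE_LOG):
        print(hit)
```

An "external" hit means the request arrived from outside the assumed LAN, which per the advisory is only possible when "Remote Management" is enabled.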
|References

Source: MISC
Link: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
Source: BUGTRAQ
Name: 20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/504345/100/0/threaded
Source: BUGTRAQ
Name: 20090615 Re: Netgear DG632 Router Remote DoS Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/504341/100/0/threaded
Source: MILW0RM
Name: 8964
Link: http://www.milw0rm.com/exploits/8964
Source: SECTRACK
Name: 1022403
Link: http://securitytracker.com/id?1022403