|
|
|
|
| |
| A security vulnerability in the NETGEAR FM114P allows remote attackers to cause the product to crash by initiating a large number of TCP connections, or by trying to brute force the password used in the administrator's web interface. |
| |
Credit:
The information has been provided by Marc Ruef.
|
| |
It seems possible to crash the NETGEAR FM114P with many TCP connects. Marc did some tests on his FM114P firmware Version 1.3 Release 05 and these are the needed connection attempts:
4349
15641
125802
22185
44395
62564
9865
22102
108132
42314
It appears that there is no exact value from which the NETGEAR will crash. However, all of them are between the scale of 4349 and 125802.
It's also possible to cause this vulnerability by trying to brute force the htaccess password of the web interface (e.g. with WWWhack). Note however, that such an attack is recorded in the log files as following:
--- fwlog begin ---
[...]
Sun, 2002-10-06 21:23:40 - Administrator login fail, Password error - IP:192.168.0.2
Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2
Sun, 2002-10-06 21:23:41 - Administrator login fail, Password error - IP:192.168.0.2
[...]
--- fwlog end ---
After this (and after the TCP flood), the whole firewall freezes:
- You can't ping the box
- You can't connect to the web interface
- No throughput is possible
- The firewall doesn't mail the scheduled log files
The only way to restore normal operation would be to reboot the tiny box.
|
|
|
|
|
|
|
|
|
|
