Netgear FVG318 is vunerable to DOS attack

2006.08.16

Credit: root localhost com

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-4143

CWE: CWE-Other

CVSS Base Score: 7.8/10

Impact Subscore: 6.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

The Netgear FVG318 (http://www.netgear.com/Products/VPNandSSL/WirelessVPNFirewallRouters/FV
G318.aspx) is vunerable to a Denial of Service attack where a flood of bad checksum TCP packets will lock the router up, forcing a hard reset.
This can be acheived with a program such as fragrouter or even an innocent program such as Azureus when sending/receiving a lot of bad packets.
I deceided to release this information after netgear seemingly uncaringly for their customers has deceided to not progress on diagnosing this bug for over 2 months.
My Firmware ver. = V1.0.40. Can anyone else confirm this with different or the same versions?

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Netgear FVG318 is vunerable to DOS attack

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.