From: Niels Heinen (niels.heinenubizen.com)
Date: Wed Jan 16 2002 - 03:21:55 CST

    And yet another weak cheap-to-produce-but-expensive-to-buy router has
    been detected.. maybe we should get a new banner for nmap.. like

    Got DSL or cable ? <refresh> No you don't ! <refresh> Nmap router enemy #1

    ;-)

    Regards,

    Niels

    -------- Original Message --------
    Subject: Vulnerability Netgear RP-114 Router - nmap causes DOS
    Date: Tue, 15 Jan 2002 03:49:28 -0500
    From: "Omkhar Arasaratnam" <omkharrogers.com>
    Reply-To: <>
    To: <bugtraqsecurityfocus.com>

    BugTraq,

    This has been submitted to CERT as well. Here is the form I sent to
    them:

    CONTACT INFORMATION
    ===============================================================================
    Let us know who you are:

     Name : Omkhar Arasaratnam
     E-mail : omkharca.ibm.com
     Phone / fax : 416.991.1301/416.383.3316
     Affiliation and address: IBM Canada Ltd.

    Have you reported this to the vendor? yes

            If so, please let us know whom you've contacted:

            Date of your report : 12/26/2001
            Vendor contact name : Paul Marino
            Vendor contact phone : 408-907-8085
            Vendor contact e-mail : paul.marinonetgear.com
            Vendor reference number : 20485470

            If not, we encourage you to do so--vendors need to hear about
            vulnerabilities from you as a customer.

    POLICY INFO
    ===============================================================================
    We encourage communication between vendors and their customers. When
    we forward a report to the vendor, we include the reporter's name and
    contact information unless you let us know otherwise.

    If you want this report to remain anonymous, please check here:

            ___ Do not release my identity to your vendor contact.

    TECHNICAL INFO
    ===============================================================================
    If there is a CERT Vulnerability tracking number please put it
    here (otherwise leave blank): VU#______.

    Please describe the vulnerability.
    ---------------------------------
    This vulnerability is in regards to the Netgear RP114 router/NAT. This is a
    simple solution that allows home users to share their cable modem / DSL
    connection. One of the features of this NAT is port filtering. If the router
    is told to drop all packets < 1024, and the WAN port is port scanned, the
    router will lock. This has been demonstrated on several occasions to Netgear
    engineering using nmap.

    What is the impact of this vulnerability?
    ----------------------------------------
    For the duration of the scan, no inbound/outbound traffic through the WAN
    port.

    To your knowledge is the vulnerability currently being exploited?
    ----------------------------------------------------------------
            no

    If there is an exploitation script available, please include it here.
    --------------------------------------------------------------------
    n/a

    Do you know what systems and/or configurations are vulnerable?
    -------------------------------------------------------------
    Any customer who has this router attached to a cable modem / DSL modem in a
    similar configuration.

            System : RP-114
            OS version : 3.26 (firmware)
            Verified/Guessed: Verified, may also happen without port filtering configured.

    Are you aware of any workarounds and/or fixes for this vulnerability?
    --------------------------------------------------------------------
    no

    OTHER INFORMATION
    ===========================================================================
    Is there anything else you would like to tell us?

    Netgear support has not been very co-operative thus far.

    --------------------------------------------------
    For help using this (nmap-hackers) mailing list, send a blank email to
    nmap-hackers-helpinsecure.org . List run by ezmlm-idx (www.ezmlm.org).