Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

From: Hanno =?utf-8?q?B=C3=B6ck?= <>
Cc: Tom Neaves <>,
Subject: Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

Am Montag 15 Juni 2009 schrieb Tom Neaves:
> Within the "/cgi-bin/" directory of the administrative web interface exists
> a
> file called "firmwarecfg".  This file is used for firmware upgrades.  A
> request for this file causes the web server to hang.  The web server will
> stop
> responding to requests and the administrative interface will become
> inaccessible
> until the router is physically restarted.
> While the router will still continue to function at the network level, i.e.
> it will
> still respond to ICMP echo requests and issue leases via DHCP, an
> administrator will
> no longer be able to interact with the administrative web interface.
> This attack can be carried out internally within the network, or over the
> Internet
> if the administrator has enabled the "Remote Management" feature on the
> router.

Don't have such a device for tests, but isn't it possible to exploit this 
remotely through CSRF even without "Remote Management" option?
(i.e. put some javascript on a webpage sending a post request to the default 
ip of the router?)

Hanno Böck            Blog: 
GPG: 3DBD3B20         Jabber/Mail: - Kein Sicherheitsrabatt für CO2-Speicher - Internetzensur stoppen! - professional webhosting

Copyright © 1995-2019 All rights reserved.