Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

DoS attack on Netgear-SRX5308 Router

Overview

* Type: DoS
* Supplier: Netgear (https://www.netgear.com/)
* URL: https://192.168.1.1/scgi-bin/platform.cgi?page=firewall_logs_email.htm
* Product: SRX5308 – ProSAFE Quad WAN Gigabit SSL VPN Firewall
* Affect version: (lastest) 4.3.5-3
* Firmware download: https://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_V4.3.5-3.zip

Description

One malformed request makes the router link down and cannot recover by rebooting. The device can be recovered only by reset.

Business Impact

This vulnerability is easily exploited with only one packet and can result in the affected devices link down and can only recover from reset. Thus the vulnerability is very dangerous which could also result in reputational damage for the business through the impact on customers' trust.

Steps to Reproduce

I have put the PoC (exp.py) in attachments, configure several parameters and execute it, you will see the router link down. The parameters are as below:

  1. username, password: visit the device's web interface (default: admin, password).
  2. device_web_ip: web IP address of the target device.

Proof of Concept

After executing the PoC script, you will find the router link down. You can retry to visit the router's web through the browser, ping the router or telnet web service port(telnet 192.168.1.1 443) to check device status.