We all know that keeping the software on our computers up to date is a must for staying secure on the web. But this applies not only to the software on the hard drive, but also to the software embedded in the hardware itself, which is called firmware.

A vulnerability has been found in the Netgear DG632 router which allows an attacker to crash its web interface. The web interface on these routers is used to manage the device remotely. If the DG632's web server crashes, the device can no longer be managed until somebody physically restarts it; that has to be done on site and cannot be done remotely. The fix would be a patch or a new firmware from the vendor, Netgear, but as you can see from the security advisory below, they give no support because the device has reached its End of Life (EOL), and no further support or firmware is being released for the DG632.

I have my Linksys and I am very happy.

Here is the text of the security advisory:

Code:
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: tom@tomneaves.co.uk <tom@tomneaves.co.uk>
Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009

I. DESCRIPTION

The Netgear DG632 router has a web interface which runs on port 80.  This
allows an admin to login and administer the device's settings.  However,
a Denial of Service (DoS) vulnerability exists that causes the web interface
to crash and stop responding to further requests.

II. DETAILS

Within the "/cgi-bin/" directory of the administrative web interface exists a
file called "firmwarecfg".  This file is used for firmware upgrades.  An HTTP POST
request for this file causes the web server to hang.  The web server will stop
responding to requests and the administrative interface will become inaccessible
until the router is physically restarted.

While the router will still continue to function at the network level, i.e. it will
still respond to ICMP echo requests and issue leases via DHCP, an administrator will
no longer be able to interact with the administrative web interface.

This attack can be carried out internally within the network, or over the Internet
if the administrator has enabled the "Remote Management" feature on the router.

Affected Versions: Firmware V3.4.0_ap (others unknown)

III. VENDOR RESPONSE

12 June, 2009 - Contacted vendor.
15 June, 2009 - Vendor responded.  Stated the DG632 is an end of life product and is no
longer supported in a production and development sense, as such, there will be no further
firmware releases to resolve this issue.

IV. CREDIT

Discovered by Tom Neaves
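The advisory says the only mitigations are keeping "Remote Management" off and restricting who on the LAN can reach the admin interface, so the practical defender step is to watch for POSTs to the vulnerable endpoint. The script below is an added example, not part of the advisory or of this post; it assumes Common Log Format lines from a proxy or IDS placed in front of the router (the DG632 itself does not produce such logs, so the sample lines are constructed) and rates each POST to /cgi-bin/firmwarecfg by where it came from.

```python
import ipaddress
import re

# Constructed sample lines in Common Log Format, as a proxy or IDS in front
# of the router might record them (assumption: the DG632 itself logs nothing).
SAMPLE_LOG = """\
192.168.0.10 - - [15/Jun/2009:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 1532
192.168.0.10 - - [15/Jun/2009:10:05:11 +0000] "POST /cgi-bin/firmwarecfg HTTP/1.1" 200 0
203.0.113.7 - - [15/Jun/2009:10:07:45 +0000] "POST /cgi-bin/firmwarecfg HTTP/1.1" 200 0
192.168.0.55 - - [15/Jun/2009:10:09:03 +0000] "GET /index.htm HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

# The endpoint named in the advisory; a POST to it hangs the web server.
FIRMWARE_ENDPOINT = "/cgi-bin/firmwarecfg"

# RFC 1918 ranges: anything else is treated as a WAN source.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Return the source, timestamp, method and path of one log line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_internal(src):
    """True if src is an RFC 1918 address (i.e. came from the LAN side)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def find_firmwarecfg_posts(log_text, admin_hosts):
    """One finding per POST to the firmware endpoint, rated by its origin."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["path"] != FIRMWARE_ENDPOINT:
            continue
        if rec["src"] in admin_hosts:
            severity = "info"     # the known admin host doing an upgrade
        elif is_internal(rec["src"]):
            severity = "medium"   # a LAN host that has no business touching firmware
        else:
            severity = "high"     # WAN source: Remote Management is reachable from the Internet
        findings.append({"src": rec["src"], "ts": rec["ts"], "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_firmwarecfg_posts(SAMPLE_LOG, admin_hosts={"192.168.0.10"}):
        print(finding)
```

A "high" finding means the admin interface is answering on the WAN side, which is exactly the exposure the advisory warns about; the sensible response on an EOL device is to disable Remote Management rather than wait for a firmware that will not come.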

Thanks for reading, and safe surfing; if you have comments, you can leave them here.

For any questions you can ask in our forum: www.security-exchange.net

Any questions? Need our FAST help? Go to our forum and ask for FREE!

3 Responses to Alert Netgear DG632 router users – Netgear vulnerability – no support from the vendor

  1. casino says:

    Your site is really nice. It is not like all those auto-blogs popular now. It's a real one. It's nice!

  2. mobile phone says:

    My sis told me about your internet site. They were right, I'm extremely pleased with the posting as well as the slick style. It seems to me you're only scratching the surface on the subject of the things you can easily accomplish, nevertheless you're off to a great beginning! I thought I would add this page to my own bookmark web page, and I also just signed up to your RSS feed.

  3. online games says:

    Nice to read about this
