Netgear FVS318 up to 1.3 Connection administration denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
A vulnerability was found in Netgear FVS318 up to 1.3 (Router Operating System). It has been rated as problematic. This issue affects an unknown code block of the file administration of the component Connection Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. The summary by CVE is:
The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections.
The bug was discovered 06/21/2004. The weakness was shared 06/21/2004 by Paul Kurczaba with Kurczaba Associates (Website). It is possible to read the advisory at kurczaba.com. The identification of this vulnerability is CVE-2004-0610 since 06/29/2004. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a exploit are known. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.
After immediately, there has been an exploit disclosed. It is declared as proof-of-concept.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at netgear.com.Addressing this vulnerability is possible by firewalling . The best possible mitigation is suggested to be applying a restrictive firewalling.
The vulnerability is also documented in the vulnerability database at X-Force (16448). kurczaba.com is providing further details. The entries 720 and 22532 are related to this item.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.9
VulDB Temp Score: 5.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
ATT&CK: T1499
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Patch: netgear.com
Timeline
06/21/2004 🔍06/21/2004 🔍
06/21/2004 🔍
06/21/2004 🔍
06/21/2004 🔍
06/22/2004 🔍
06/22/2004 🔍
06/29/2004 🔍
12/06/2004 🔍
Sources
Vendor: netgear.comAdvisory: kurczaba.com
Researcher: Paul Kurczaba
Organization: Kurczaba Associates
Status: Not defined
CVE: CVE-2004-0610 (🔍)
X-Force: 16448 - Microsoft MN-500 Web administration denial of service, Medium Risk
SecurityFocus: 10585 - Multiple Vendor Broadband Router Web-Based Administration Denial Of Service Vulnerability
Secunia: 11913 - Netgear FVS318 Multiple Connections Denial of Service, Less Critical
OSVDB: 7187 - Microsoft MN-500 Web Administration Multiple Connections DoS
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 06/22/2004 15:53Changes: 06/22/2004 15:53 (80)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.