| Title | DoS attack on Netgear-SRX5308 Router |
|---|
| Description | # DoS attack on Netgear-SRX5308 Router
## Overview
* Type: DoS
* Supplier: Netgear (https://www.netgear.com/)
* URL: https://192.168.1.1/scgi-bin/platform.cgi?page=firewall_logs_email.htm
* Product: SRX5308 – ProSAFE Quad WAN Gigabit SSL VPN Firewall
* Affect version: (lastest) 4.3.5-3
* Firmware download: https://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_V4.3.5-3.zip
## Description
One malformed request makes the router link down and cannot recover by rebooting. The device can be recovered only by resetting.
## Business Impact
This vulnerability is easily exploited with only one packet and can result in the affected devices linking down and can only recover from reset. Thus the vulnerability is very dangerous which could also result in reputational damage for the business through the impact on customers' trust.
## Steps to Reproduce
I have put the PoC (exp.py) in the attachments, configure several parameters, and execute it, you will see the router link down. The parameters are as below:
1. username, password: visit the device's web interface (default: admin, password).
2. device_web_ip: web IP address of the target device.
## Proof of Concept
After executing the PoC script, you will find the router link down. You can retry to visit the router's web through the browser, ping the router or telnet web service port(`telnet 192.168.1.1 443`) to check the device status. |
|---|
| Source | ⚠️ https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/17 |
|---|
| User | leetsun (ID 39457) |
|---|
| Submission | 2023-04-13 15時45分 (1 Year ago) |
|---|
| Moderation | 2023-04-28 13時50分 (15 days later) |
|---|
| Status | 已接受 |
|---|
| VulDB Entry | 227658 |
|---|