[Fwd: Vulnerability Netgear RP-114 Router - nmap causes DOS]

[Niels Heinen <niels.heinen () ubizen com>]

And yet another weak cheap-to-produce-but-expensive-to-buy router has
been detected.. maybe we should
get a new banner for nmap.. like 

Got DSL or cable ? <refresh>  No you don't ! <refresh> Nmap router enemy
#1

;-)

Regards,

Niels

-------- Original Message --------
Subject: Vulnerability Netgear RP-114 Router - nmap causes DOS
Date: Tue, 15 Jan 2002 03:49:28 -0500
From: "Omkhar Arasaratnam" <omkhar () rogers com>
Reply-To: <>
To: <bugtraq () securityfocus com>

BugTraq,

This has been submitted to CERT as well. Here is the form I sent to
them:

CONTACT INFORMATION
============================================================================
===
Let us know who you are:

 Name                   : Omkhar Arasaratnam
 E-mail                 : omkhar () ca ibm com
 Phone / fax            : 416.991.1301/416.383.3316
 Affiliation and address: IBM Canada Ltd.


Have you reported this to the vendor?  yes

        If so, please let us know whom you've contacted:

        Date of your report     : 12/26/2001
        Vendor contact name     : Paul Marino
        Vendor contact phone    : 408-907-8085
        Vendor contact e-mail   : paul.marino () netgear com
        Vendor reference number : 20485470


        If not, we encourage you to do so--vendors need to hear about
        vulnerabilities from you as a customer.


POLICY INFO
============================================================================
===
We encourage communication between vendors and their customers.  When
we forward a report to the vendor, we include the reporter's name and
contact information unless you let us know otherwise.

If you want this report to remain anonymous, please check here:

        ___ Do not release my identity to your vendor contact.


TECHNICAL INFO
============================================================================
===
If there is a CERT Vulnerability tracking number please put it
here (otherwise leave blank): VU#______.


Please describe the vulnerability.
---------------------------------
This vulnerability is in regards to the Netgear RP114 router/NAT. This
is a
simple solution that allows home users to share their cable modem / DSL
connection. One of the features of this NAT is port filtering. If the
router
is told to drop all packets < 1024, and the WAN port is port scanned,
the
router will lock. This has been demonstrated on several occasions to
Netgear
engineering using nmap.

What is the impact of this vulnerability?
----------------------------------------
For the duration of the scan, no inbound/outbound traffic through the
WAN
port.

To your knowledge is the vulnerability currently being exploited?
----------------------------------------------------------------
        no

If there is an exploitation script available, please include it here.
--------------------------------------------------------------------
n/a

Do you know what systems and/or configurations are vulnerable?
-------------------------------------------------------------
Any customer who has this router attached to a cable modem / DSL modem
in a
similar configuration.

        System          : RP-114
        OS version      : 3.26 (firmware)
        Verified/Guessed: Verified, may also happen without port filtering
configured.

Are you aware of any workarounds and/or fixes for this vulnerability?
--------------------------------------------------------------------
no

OTHER INFORMATION
===========================================================================
Is there anything else you would like to tell us?

Netgear support has not been very co-operative thus far.

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).