NETGEAR fixes DoS vulnerabilities in its N300 routers

NETGEAR has released a firmware update for its N300 series routers that fixes two dangerous DoS vulnerabilities.

Their exploitation allowed unauthorized attackers to send SOAP and HTTP requests and cause a denial of service to the device. Researchers from the Cisco Talos team discovered the vulnerabilities.

“The N300 is a small and affordable wireless router that contains the basic features of a wireless router. An attacker could exploit these bugs by sending specific SOAP and HTTP requests to different functions of the router, causing it to crash entirely”, — reported Dave McDaniel, Cisco Talos specialist.

The N300 (WNR2000v5) product is pitched at the consumer and home office markets and are designed to provide basic internet access with speeds of up to 300 Mbps.

The first vulnerability (CVE-2019-5054) affects NETGEAR N300 HTTP Server session processing functionality (WNR2000v5). Exploitation occurs by sending an unauthorized attacker a specially crafted HTTP request.

“An HTTP request with an empty User-Agent string sent to the authentication page can cause the dereference of the null pointer and the HTTP service to fail”, – the researchers explained.

The second DoS vulnerability (CVE-2019-5055) affects the Host Access Point Daemon (hostapd) service of the N300 Wireless Router (WNR2000v5). Null pointer dereferencing and hostapd service failure can be caused by sending a SOAP request to the service in an invalid sequence.

Read also: NetCAT Vulnerability Threats Intel Server Processors

Both vulnerabilities were discovered in the NETGEAR N300 WNR2000v5 firmware version

Netgear told that it had “addressed the issue as it was an older SKU that required a security patch which is currently available”.

Netgear and Cisco Talos fairly well coordinated public disclosure. A firmware update that addresses DoS vulnerabilities has been released and users are encouraged to install it as soon as possible to reduce the risk of exploit.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *


Back to top button