DoS security flaws can be exploited via crafted SOAP and HTTP requests

UPDATED Two denial-of-service (DoS) vulnerabilities in a popular Netgear wireless router product line have been uncovered.

Both vulnerabilities risked crashing the systems of home networking kits before a patch was issued last week (September 5).

Discovered by Cisco Talos researcher Dave McDaniel, and disclosed on Monday, the vulnerabilities are present in Netgear N300 routers, specifically those running firmware version v1.0.0.70.

The N300 (WNR2000v5) product is pitched at the consumer and home office markets and is designed to provide basic internet access with speeds of up to 300 Mbps.

The first vulnerability is tracked as CVE-2019-5054 and exists in the session handling functions of the router’s HTTP server.

If a crafted HTTP request is sent to a page demanding authentication with an empty User-Agent string, this can prompt a null pointer dereference, leading to a full system crash.
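The bug class described above, as an added illustration that is not Netgear's firmware code or Cisco Talos's analysis: a header lookup that returns NULL for an absent or empty value, a handler that dereferences the result unchecked, and the same handler with the missing check. The structure, function names and the idea of deriving a session key length from the User-Agent are assumptions made for the example; the page does not describe how the firmware uses the header.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical parsed-header table; every name here is illustrative. */
struct header { const char *name; const char *value; };

/* Case-insensitive comparison of header names. */
static int name_eq(const char *a, const char *b)
{
    for (; *a && tolower((unsigned char)*a) == tolower((unsigned char)*b); a++, b++) {}
    return *a == '\0' && *b == '\0';
}

/* Returns the header value, or NULL when it is absent or empty. */
static const char *get_header(const struct header *h, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (name_eq(h[i].name, name))
            return h[i].value[0] != '\0' ? h[i].value : NULL;
    return NULL;
}

/* Flawed pattern: strlen(NULL) when User-Agent is absent or empty. Never called here. */
size_t session_key_unsafe(const struct header *h, size_t n)
{
    return strlen(get_header(h, n, "User-Agent"));
}

/* Hardened pattern: returns 0 and sets *key_len, or 400 to reject the request. */
int session_key_checked(const struct header *h, size_t n, size_t *key_len)
{
    const char *ua = get_header(h, n, "User-Agent");
    if (ua == NULL)
        return 400;               /* reject instead of dereferencing */
    *key_len = strlen(ua);
    return 0;
}

int main(void)
{
    /* Constructed sample requests to a page that requires authentication. */
    struct header ok[]    = { {"Host", "192.0.2.1"}, {"User-Agent", "curl/8.0"} };
    struct header empty[] = { {"Host", "192.0.2.1"}, {"user-agent", ""} };
    size_t len = 0;
    printf("normal: %d\n", session_key_checked(ok, 2, &len));
    printf("empty:  %d\n", session_key_checked(empty, 2, &len));
    return 0;
}
```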

The second security flaw, CVE-2019-5055, was found by McDaniel in the N300’s Host Access Point Daemon (hostapd).

In this case, a crafted SOAP request sent to the <WFAWLANConfig:1#PutMessage> service with an invalid sequence can also result in a null pointer dereference, which can be exploited to cause a vulnerable device to crash.

Netgear and Cisco Talos coordinated the public disclosure. A firmware update resolving the DoS vulnerabilities has been released, which users are advised to apply in order to mitigate the risk of exploitation.

Netgear told The Daily Swig that it had “addressed the issue as it was an older SKU that required a security patch which is currently available”.

Previously, Cisco Talos has worked with threat intelligence partners to study VPNFilter, a prolific form of malware capable of infecting routers and network storage devices and suspected of being the handiwork of Kremlin cyberspies.

As of 2018, VPNFilter is believed to have infected at least 500,000 devices worldwide, impacting networking equipment and NAS devices produced by Netgear, Linksys, MikroTik, and TP-Link.

In related news this week, Trustwave has separately revealed vulnerabilities in D-Link and Comba routers.

The five security flaws – two uncovered in a D-Link DSL modem and three in multiple Comba Telecom Wi-Fi devices – all involve the storage of plaintext credentials accessible to any unprivileged user with network access.

D-Link has provided patches (1, 2) to resolve the vulnerabilities. Comba has yet to respond to the researcher’s findings.

The Daily Swig has reached out to D-Link and Comba for comment.


This story was updated on September 11 to add comment from Netgear

