Vulnerability Netgear RP-114 Router - nmap causes DOS

From: Omkhar Arasaratnam (omkharat_private)
Date: Tue Jan 15 2002 - 00:49:28 PST


    BugTraq,
    
    This has been submitted to CERT as well. Here is the form I sent to them:
    
    CONTACT INFORMATION
    ===============================================================================
    Let us know who you are:
    
     Name			: Omkhar Arasaratnam
     E-mail			: omkharat_private
     Phone / fax		: 416.991.1301/416.383.3316
     Affiliation and address: IBM Canada Ltd.
    
    
    Have you reported this to the vendor?  yes
    
            If so, please let us know whom you've contacted:
    
    	Date of your report	: 12/26/2001
    	Vendor contact name	: Paul Marino
    	Vendor contact phone	: 408-907-8085
    	Vendor contact e-mail	: paul.marinoat_private
    	Vendor reference number	: 20485470
    
    
            If not, we encourage you to do so--vendors need to hear about
    	vulnerabilities from you as a customer.
    
    
    POLICY INFO
    ===============================================================================
    We encourage communication between vendors and their customers.  When
    we forward a report to the vendor, we include the reporter's name and
    contact information unless you let us know otherwise.
    
    If you want this report to remain anonymous, please check here:
    
    	___ Do not release my identity to your vendor contact.
    
    
    TECHNICAL INFO
    ===============================================================================
    If there is a CERT Vulnerability tracking number please put it
    here (otherwise leave blank): VU#______.
    
    
    Please describe the vulnerability.
    ---------------------------------
    This vulnerability is in regards to the Netgear RP114 router/NAT. This is a
    simple solution that allows home users to share their cable modem / DSL
    connection. One of the features of this NAT is port filtering. If the router
    is told to drop all packets < 1024, and the WAN port is port scanned, the
    router will lock. This has been demonstrated on several occasions to Netgear
    engineering using nmap.
    
    What is the impact of this vulnerability?
    ----------------------------------------
    For the duration of the scan, no inbound/outbound traffic through the WAN
    port.
    
    To your knowledge is the vulnerability currently being exploited?
    ----------------------------------------------------------------
    	no
    
    If there is an exploitation script available, please include it here.
    --------------------------------------------------------------------
    n/a
    
    Do you know what systems and/or configurations are vulnerable?
    -------------------------------------------------------------
    Any customer who has this router attached to a cable modem / DSL modem in a
    similar configuration.
    
    	System		: RP-114
    	OS version	: 3.26 (firmware)
    	Verified/Guessed: Verified, may also happen without port filtering configured.
    
    Are you aware of any workarounds and/or fixes for this vulnerability?
    --------------------------------------------------------------------
    no
    
    OTHER INFORMATION
    ===========================================================================
    Is there anything else you would like to tell us?
    
    Netgear support has not been very co-operative thus far.
    