Multiple Vendor Broadband Router Web-Based Administration Denial Of Service Vulnerability

Multiple broadband routers from several different vendors, used for home and small office Internet sharing and routing are reported affected by a denial of service vulnerability in their web-based administration interfaces.

The embedded web server is reportedly unable to maintain more than a small number of simultaneous TCP connections. An attacker who maintains a number of connections to port 80 of an affected device will block access to the web administration application for legitimate users.

An attacker could block access to the administration interface as long as they can maintain the TCP connections.

Netgear FVS318, Linksys BEFSR41, and Microsoft MN-500 devices are reported to be susceptible.


 

Privacy Statement
Copyright 2010, SecurityFocus