Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
TITLE: Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
CLASS: Failure to Handle Exceptional Conditions
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Mar 04 2006 12:00AM
UPDATE: Mar 08 2006 09:25PM
CREDIT: ryanmeyer14@netscape.net discovered this issue. Both ryanmeyer14@netscape.net and "Cade Cairns" <cairnsc@gmail.com> disclosed this issue.
VULNERABLE:
NetGear WGT624 0
NetGear RT314/RT311 Gateway Router Firmware 3.25
NetGear RT314/RT311 Gateway Router Firmware 3.24
NetGear RT314/RT311 Gateway Router Firmware 3.22
NetGear RT-338
NetGear ME102 1.4
NetGear ME102 1.3
NetGear FVS318v2 2.4
NetGear FVS318 2.4
NetGear FVS318 1.3
NetGear FVS318 1.2
NetGear FVS318 1.1
NetGear FVS318 1.0
NetGear FM114P
NetGear DG834G
NetGear DG834 ADSL Firewall Router
Linksys WRT54GS 4.70.6 (Firmware)
Linksys WRT54GS 4.50.6 (Firmware)
Linksys WRT54G v4.0 4.20.6 (Firmware)
Linksys WRT54G v4.0 4.0.7 (Firmware)
Linksys WRT54G v3.0 3.3.6 (Firmware)
Linksys WRT54G v3.0 3.1.3 (Firmware)
Linksys WRT54G v2.0 2.4.4 (Firmware)
Linksys WRT54G v2.0 2.0 2.8 beta(Firmware)
Linksys WRT54G v2.0 2.0 0.8 (Firmware)
Linksys WRT54G v1.0 1.42.3 (Firmware)
Linksys WAP55AG 1.0.7
Linksys WAP11 2.2
Linksys WAP11 1.4
Linksys WAP11 1.3
Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.42.7
Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.40.3
Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.9 b
Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 b
Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2
Linksys EtherFast BEFVP41 Router 1.39.64
Linksys EtherFast BEFVP41 Router
Linksys EtherFast BEFSRU31 Router 1.44
Linksys EtherFast BEFSRU31 Router 1.43.3
Linksys EtherFast BEFSRU31 Router 1.43
Linksys EtherFast BEFSRU31 Router 1.42.7
Linksys EtherFast BEFSRU31 Router 1.42.3
Linksys EtherFast BEFSRU31 Router 1.41
Linksys EtherFast BEFSRU31 Router 1.40.2
Linksys EtherFast BEFSR81 Router 2.44
Linksys EtherFast BEFSR81 Router 2.42.7
Linksys EtherFast BEFSR81 Router
Linksys EtherFast BEFSR41 Router 1.45.7
Linksys EtherFast BEFSR41 Router 1.44
Linksys EtherFast BEFSR41 Router 1.43.3
Linksys EtherFast BEFSR41 Router 1.43
Linksys EtherFast BEFSR41 Router 1.42.7
Linksys EtherFast BEFSR41 Router 1.42.3
Linksys EtherFast BEFSR41 Router 1.41
Linksys EtherFast BEFSR41 Router 1.40.2
Linksys EtherFast BEFSR41 Router 1.39
Linksys EtherFast BEFSR41 Router 1.38
Linksys EtherFast BEFSR41 Router 1.37
Linksys EtherFast BEFSR41 Router 1.36
Linksys EtherFast BEFSR41 Router 1.35
Linksys EtherFast BEFSR41 Router 1.0 5.00
Linksys EtherFast BEFSR11 Router 1.44
Linksys EtherFast BEFSR11 Router 1.43.3
Linksys EtherFast BEFSR11 Router 1.43
Linksys EtherFast BEFSR11 Router 1.42.7
Linksys EtherFast BEFSR11 Router 1.42.3
Linksys EtherFast BEFSR11 Router 1.41
Linksys EtherFast BEFSR11 Router 1.40.2
Linksys EtherFast BEFN2PS4 Router
Linksys BEFW11S4 v4
Linksys BEFW11S4 v3
Linksys BEFW11S4 1.44
Linksys BEFW11S4 1.43.3
Linksys BEFW11S4 1.4.3
Linksys BEFW11S4 1.4.2 .7
Linksys BEFVP41 1.42.7
Linksys BEFVP41 1.40 .4
Linksys BEFVP41 1.40 .3f
Linksys BEFSX41 1.45.3
Linksys BEFSX41 1.44.3
Linksys BEFSX41 1.44
Linksys BEFSX41 1.43.4
Linksys BEFSX41 1.43.3
Linksys BEFSX41 1.43
Linksys BEFSX41 1.42.7
Linksys BEFSR81 v3
Linksys BEFSR81 v2
Linksys BEFSR81
Linksys BEFSR41W
Linksys BEFSR41 v3
Linksys BEFSR41 v2
Linksys BEFSR41 v1
Linksys BEFN2PS4 1.42.7
Linksys BEFCMU10
NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic.
This issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users.
Linksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed.
Exploit
An attacker likely utilizes a standard IRC client to exploit this issue.
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com
References
References:
Keywords for this page:
BEFVP41 vxworks (from google) first seen: 2006-12-18 14:41:02
befvp41 v2 exploit (from google) first seen: 2007-04-12 17:46:45 hit: 2
befvp41 1 40 * firmware (from google) first seen: 2007-07-30 16:23:40
linksys befvp41 v2 exploit (from google) first seen: 2007-08-08 05:46:27
befw11s4 v2 1 43 3 (from google) first seen: 2007-08-22 05:18:04
befsr81 vxworks (from google) first seen: 2007-10-01 06:21:28
linksys befvp41 v2 1 (from google) first seen: 2007-10-01 15:24:40
netgear wgt624 (from google) first seen: 2007-12-31 17:43:12
befvp41 v2 1 (from google) first seen: 2008-02-02 00:41:01 hit: 3
befvp41 firmware 1 42 (from google) first seen: 2008-02-02 17:31:29
vxworks linksys befsr* (from google) first seen: 2008-02-07 13:18:09
befvp41 v2 1 firmware (from google) first seen: 2008-02-16 01:46:34 hit: 8
befsw11s4 ver 4 0 firmware 1 42 7 (from google) first seen: 2008-02-18 04:03:35
befvp41 v2 1 firmware upgrade? (from google) first seen: 2008-02-18 16:44:59
t (from google) first seen: 2008-03-15 05:14:04 hit: 24
befw11s4 v2 0 firmware (from google) first seen: 2008-03-24 02:39:07 hit: 3
linksys wap11 vxworks (from google) first seen: 2008-03-25 20:05:17
linksys befvp41 v2 1 firmware (from google) first seen: 2008-04-01 11:14:27
befw11s4 v2 1 (from google) first seen: 2008-04-04 11:11:18
befsr41 v2 1 firmware (from google) first seen: 2008-04-17 23:04:16
befvp41-v2 firmware (from google) first seen: 2008-05-02 11:07:39
befw11s4 linux or vxworks? (from google) first seen: 2008-05-03 21:49:39
befw11s4 v2 1 firmware upgrade (from google) first seen: 2008-05-09 14:26:05
linksys befw11s4 v2 1 firmware update (from google) first seen: 2008-05-10 01:49:20
linksys befw11s4 v2 1 firmware (from google) first seen: 2008-05-23 05:44:36
befsr41 ver 4 firmware (from google) first seen: 2008-05-24 11:36:30
befvp41 v2 firmware 1 40 3 (from google) first seen: 2008-05-27 04:19:29
fvs318 vxworks (from google) first seen: 2008-05-27 20:55:01 hit: 2
wrt54g v2 (from google) first seen: 2008-06-06 14:48:12
befvp41 v2 1 firmware update (from google) first seen: 2008-06-19 18:13:20
linksys befsr41 v2 disconnects (from google) first seen: 2008-06-22 19:03:00
linksys befsr41 v2 1 firmware (from google) first seen: 2008-07-01 20:04:45
f (from google) first seen: 2008-07-03 15:54:36 hit: 4
befw11s4 v2 1 45 7 (from google) first seen: 2008-07-28 01:54:29
befw11s4 v2 1 45 3 firmware (from google) first seen: 2008-08-06 18:53:05
cade cairns 2008 (from google) first seen: 2008-08-13 04:24:40
linksys befsr41 failure (from google) first seen: 2008-08-20 04:47:28
linksys befsr41 failure (from google) first seen: 2008-08-20 04:47:28
befvp41 v2 vulnerability (from google) first seen: 2008-08-24 14:45:07
irc denial of service (from google) first seen: 2008-08-26 06:36:09
dg834 exploit v4 (from google) first seen: 2008-08-28 01:33:00
firmware linux for befsx41 (from google) first seen: 2008-08-28 22:16:09
befsr81 v2 firmware download (from google) first seen: 2008-08-29 05:30:35
befw11s4 linux (from google) first seen: 2008-08-29 15:52:46
linksys befsr81 exploits (from google) first seen: 2008-08-29 16:01:56 hit: 3
wrt54g v4 vulnerability (from google) first seen: 2008-08-29 23:54:30
wrt54gs exploit (from google) first seen: 2008-08-30 07:00:09 hit: 2
dg834 v3 firmware (from google) first seen: 2008-08-30 14:51:35
netgear dg834g exploit (from google) first seen: 2008-08-30 18:27:13
linksys router fail befsr81 (from google) first seen: 2008-09-02 22:20:09
befsr81 v1 upgrade (from google) first seen: 2008-09-02 22:32:29
befsr41 v3 firmware (from google) first seen: 2008-09-03 23:58:40
befw11s v2 firmware (from google) first seen: 2008-09-04 03:05:13
befw11s4 v2 1 firmware (from google) first seen: 2008-09-05 08:19:33
netgear wgt624 v2 exploit (from google) first seen: 2008-09-05 09:03:13
linksys router firmware befw11s4 v1 0 (from google) first seen: 2008-09-06 21:33:18
linksys befsr41v2 1 45 7 firmware download (from google) first seen: 2008-09-07 03:47:21
befsr41 v2 exploits (from google) first seen: 2008-09-07 23:08:45
wap11 upgrade firmware v1 0 (from google) first seen: 2008-09-08 15:42:52
router exploit irc (from google) first seen: 2008-09-09 17:14:30
upgrade befw11s4 linux (from google) first seen: 2008-09-09 19:14:00
befsr81 v3 firmware upgrade (from google) first seen: 2008-09-10 19:40:33
linux router firmware for linksys befsr41 (from google) first seen: 2008-09-10 22:29:18
befvp41 firmware download (from google) first seen: 2008-09-11 06:03:05
wap11 2 8 firmware (from google) first seen: 2008-09-11 19:57:24
linksys befsx41 firmware upgrade (from google) first seen: 2008-09-11 21:05:15
befw11s4 v3 firmware (from google) first seen: 2008-09-13 01:14:15 hit: 4
linksys firmware 4 20 6 vulnerabilities (from google) first seen: 2008-09-13 02:14:18
exploit dg834g (from google) first seen: 2008-09-14 01:20:21
befw11s4 v2 firmware (from google) first seen: 2008-09-14 23:12:27 hit: 2
firmware 1 4 befw11s4 (from google) first seen: 2008-09-15 01:11:47
linksys befw11s4 v2 1 update download (from google) first seen: 2008-09-15 11:34:38
wrt54g v2 exploit (from google) first seen: 2008-09-16 04:15:07
vulnerability netgear dg834g (from google) first seen: 2008-09-17 14:32:05
firmware 3 3 6 linksys (from google) first seen: 2008-09-18 18:05:28
irc netgear (from google) first seen: 2008-09-19 13:10:36
remote irc (from google) first seen: 2008-09-19 22:47:16
router befvp41 firmware (from google) first seen: 2008-09-19 23:08:05
linksys wap11 firmware 2 8 (from google) first seen: 2008-09-20 22:12:56
wrt54g2 exploit (from google) first seen: 2008-09-20 23:19:57 hit: 2
gateway linksys router firmware (from google) first seen: 2008-09-21 17:43:46
1 45 7 firmware linksys download (from google) first seen: 2008-09-22 04:01:35
netgear wgt624 v2 0 firmware download (from google) first seen: 2008-09-22 07:11:39
netgear wgt624 v2 1 firmware (from google) first seen: 2008-09-23 20:33:48
befvp41 v2 download (from google) first seen: 2008-09-24 14:25:33
firmware befw11s4 (from google) first seen: 2008-09-25 19:41:18
firmware upgrade befsr81 3 1 (from google) first seen: 2008-09-26 08:48:46
befsr41 v3 ddos (from google) first seen: 2008-09-27 21:08:05
netgear 318 vxworks (from google) first seen: 2008-09-30 01:18:55
linksys router befsr41 firmware v2 0 (from google) first seen: 2008-09-30 02:10:15
befw11s4 (v4) 1 45 3 firmware (from google) first seen: 2008-10-01 02:47:28
linksys wap11 firmware v2 0 (from google) first seen: 2008-10-02 11:10:49
dg834g exploit (from google) first seen: 2008-10-02 22:58:07 hit: 3
firmware befvp41 (from google) first seen: 2008-10-03 14:15:17 hit: 2
netgear router explo (from google) first seen: 2008-10-04 18:37:11
befsr41 ver 2 1 update firmware (from google) first seen: 2008-10-06 05:19:57
linksys befsr81 v2 firmware update download (from google) first seen: 2008-10-06 13:58:08
befsr41 firmware linux (from google) first seen: 2008-10-07 04:04:10 hit: 2
linksys befsr41 v2 firmware update 1 43 3 (from google) first seen: 2008-10-07 06:14:17
firmware for befsr41 v2 (from google) first seen: 2008-10-07 06:57:45
installing linux on befsx41 (from google) first seen: 2008-10-07 16:06:55
befsr41 v3 upgrade to v4 (from google) first seen: 2008-10-07 16:45:43
befsr41 v3 (from google) first seen: 2008-10-08 17:19:04
netgear dg834g v3 firmware v2 0 download (from google) first seen: 2008-10-08 17:30:30
firmware befvp41 ver2 1 (from google) first seen: 2008-10-09 00:47:37
befsr81 v2 firmware (from google) first seen: 2008-10-09 01:16:45
linksys wap11 2 2 firmware (from google) first seen: 2008-10-09 08:45:14
vuln irc router (from google) first seen: 2008-10-09 16:39:44
wgt624 exploit (from google) first seen: 2008-10-10 00:37:11
befvp41 firmware 1 40 4 (from google) first seen: 2008-10-13 02:47:12
linksys wap11 upgade (from google) first seen: 2008-10-14 15:12:41
linksys befsx41 firmware version 1 43 (from google) first seen: 2008-10-14 18:13:35
2008-09-25 04:24:40 (from google) first seen: 2008-10-15 04:57:45
firmware befvp41 v2 1 (from google) first seen: 2008-10-15 16:25:40
befw11s4 ver 2 firmware (from google) first seen: 2008-10-16 20:45:56
dsl befw11s4 v3 firmware update 2008 (from google) first seen: 2008-10-17 03:41:11
download firmware wap11 ver 2 2 (from google) first seen: 2008-10-17 15:34:09
linksys befsx41 exploit (from google) first seen: 2008-10-17 19:33:30
download rooter exploit (from google) first seen: 2008-10-18 16:02:19
firmware v2 1 (from google) first seen: 2008-10-18 16:18:18
multi router exploit (from google) first seen: 2008-10-19 04:03:45
linux befsr41 (from google) first seen: 2008-10-19 10:13:33
firmware befw11s4 download (from google) first seen: 2008-10-19 11:09:38
upgrade befsr41 v2 to v3 (from google) first seen: 2008-10-19 21:48:34
wrt54gc v 2 0 firmware 1 0 7 download (from google) first seen: 2008-10-19 22:52:03
firmware befsr41 v4 0 (from google) first seen: 2008-10-20 07:12:07
install linux on linksys befvp41 (from google) first seen: 2008-10-20 21:31:46
firmware linksys wap11 2 8 (from google) first seen: 2008-10-21 17:09:51
wrt54g2 exploits (from google) first seen: 2008-10-22 20:00:48
befsr81 update v2 0 (from google) first seen: 2008-10-23 08:24:27
vxworks linksys router befsr41 (from google) first seen: 2008-10-23 12:56:08
mirc router exploit (from google) first seen: 2008-10-24 05:08:53 hit: 2
netgear firmware update for irc (from google) first seen: 2008-10-24 15:26:52
firmware upgrade linksys wrt54g 2 4 v2 (from google) first seen: 2008-10-24 23:56:00
befw11s4 v 2 1 firmware (from google) first seen: 2008-10-25 04:12:50
linksys befw11s4 v3 firmware (from google) first seen: 2008-10-26 15:20:48 hit: 2
befsx41 firmware 1 44 3 good? (from google) first seen: 2008-10-28 00:40:31
netgear irc (from google) first seen: 2008-10-30 00:03:40
firmware befw1154 v4 linux (from google) first seen: 2008-10-30 16:44:10
dg834g v2 firmware upgrade (from google) first seen: 2008-10-31 14:31:35
firmware upgrade befsr41 v2 (from google) first seen: 2008-10-31 17:35:21
netgear mirc disconnect exploit (from google) first seen: 2008-11-01 02:12:51
befsr41 ver 2 1 42 7 (from google) first seen: 2008-11-01 22:55:25
linksys irc exploit (from google) first seen: 2008-11-03 07:17:38
irc router exploit (from google) first seen: 2008-11-03 21:07:19
how to upgrade 1 40 2 firmware to befw11s4 linksys (from google) first seen: 2008-11-04 08:56:50
remote irc (from google) first seen: 2008-11-04 09:16:09
2008 befsr41 v2 firmware (from google) first seen: 2008-11-04 15:26:06
firmware wrt54gc v2 0 download (from google) first seen: 2008-11-04 16:53:44
linksys wap11 2 2 version 1 1 download (from google) first seen: 2008-11-04 20:53:41
firmware wrt54gc v2 0 (from google) first seen: 2008-11-06 00:51:13
befvp41 firmware update fails (from google) first seen: 2008-11-06 04:01:03
befvp41 v2 firmware (from google) first seen: 2008-11-06 11:30:03 hit: 3
irc router (from google) first seen: 2008-11-07 11:01:48
linksys befsr41 ver 2 download (from google) first seen: 2008-11-07 14:13:09
befsx41 linux (from google) first seen: 2008-11-10 12:09:47
netgear 834 vulnerability (from google) first seen: 2008-11-10 19:22:27
router irc exploit (from google) first seen: 2008-11-11 08:50:05
netgear router exploit (from google) first seen: 2008-11-12 00:55:25
linksys wrt54gc v2 0 firmware download (from google) first seen: 2008-11-12 10:52:30
befsr41v2 1 (from google) first seen: 2008-11-12 13:22:18
netgear dg834g firmware upgrade failure (from google) first seen: 2008-11-13 11:42:53
vxworks 2008-11 exploit (from google) first seen: 2008-11-13 19:16:55
dg834pn exploit (from google) first seen: 2008-11-13 22:44:30
befsx41 firmware download (from google) first seen: 2008-11-14 08:15:51
irc exploit in linux (from google) first seen: 2008-11-15 17:29:54
remote !google irc (from google) first seen: 2008-11-16 01:32:05
befsr81 v3 disconnecting (from google) first seen: 2008-11-16 14:10:08
linksys befvp41 firmware upgrade failed (from google) first seen: 2008-11-16 15:02:53
befw11s4 v4 vulnerabilities remote (from google) first seen: 2008-11-16 15:54:18
wrt54g ver 2 where to download firmware (from google) first seen: 2008-11-17 22:01:42
remote mirc (from google) first seen: 2008-11-18 00:48:55
befsx41 update download (from google) first seen: 2008-11-18 01:06:53
befw11s4 v 2 firmware upgrade (from google) first seen: 2008-11-19 12:05:18
router linux firmware befvp41 v2 (from google) first seen: 2008-11-20 00:14:54
firmware linksys download (from google) first seen: 2008-11-20 22:02:04
befsx41 good firmware (from google) first seen: 2008-11-21 01:47:57
befsr41 v2 1 (from google) first seen: 2008-11-21 03:21:57
befsr41 v2 1 download (from google) first seen: 2008-11-21 07:52:23
linux befvp41 (from google) first seen: 2008-11-21 18:56:46
GoogleBot visited this page on: 2008-11-21 21:46:26