Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
talosblog[email protected] (Jon Munshaw)TALOSBLOG:06E1AE59C0771F1D3617BAB9E61606A8
HistorySep 09, 2019 - 6:52 a.m.

Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers

2019-09-0906:52:04
[email protected] (Jon Munshaw)
feedproxy.google.com
28

0.004 Low

EPSS

Percentile

72.7%

JSON

_
_Dave McDaniel of Cisco Talos discovered these vulnerabilities.

The NETGEAR N300 line of wireless routers contains two denial-of-service vulnerabilities. The N300 is a small and affordable wireless router that contains the basic features of a wireless router. An attacker could exploit these bugs by sending specific SOAP and HTTP requests to different functions of the router, causing it to crash entirely.

In accordance with our coordinated disclosure policy, Cisco Talos worked with NETGEAR to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability (TALOS-2019-0831/CVE-2019-5054)

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability (TALOS-2019-0832/CVE-2019-5055)

An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that NETGEAR N300 WNR2000v5 router, firmware version V1.0.0.70, is affected by these vulnerabilities.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 50040

Related

talos 2
cve 2
checkpoint_advisories 1
prion 2
cvelist 2
nvd 2
talos
talos
NETGEAR N300 WNR2000v5 unauthenticated HTTP denial-of-service vulnerability
2019-09-09 00:00:00
NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability
2019-09-09 00:00:00
cve
cve
CVE-2019-5055
2019-09-11 22:15:19
CVE-2019-5054
2019-09-11 22:15:19
checkpoint_advisories
checkpoint_advisories
NETGEAR N300 WNR2000v5 Denial of Service (CVE-2019-5055)
2019-12-19 00:00:00
prion
prion
Null pointer dereference
2019-09-11 22:15:00
Null pointer dereference
2019-09-11 22:15:00
cvelist
cvelist
CVE-2019-5055
2019-09-11 21:10:22
CVE-2019-5054
2019-09-11 21:09:39
nvd
nvd
CVE-2019-5055
2019-09-11 22:15:19
CVE-2019-5054
2019-09-11 22:15:19

0.004 Low

EPSS

Percentile

72.7%

JSON
Related for TALOSBLOG:06E1AE59C0771F1D3617BAB9E61606A8
talos2cve2checkpoint_advisories1prion2cvelist2nvd2