Sign-up

ID

VAR-200212-0871


CVE

CVE-2002-2354


TITLE

Netgear FM114P Wireless Firewall TCP Connection Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2002-3807

DESCRIPTION

Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. FM114P is an integrated HUB, print service, wireless access point, firewall and IDS hardware solution developed by Netgear. It includes Cable / DSL Prosafe 802.11b wireless firewall system.  Netgear FM114P Cable / DSL Prosafe 802.11b wireless firewall does not handle TCP connections correctly. Remote attackers can use this vulnerability to conduct denial of service attacks.  The FM114P Cable / DSL Prosafe 802.11b wireless firewall includes a WEB interface.  Normal function must be restored by manual restart. A reboot of the device is necessary to resume normal operation

Trust: 1.8

sources: NVD: CVE-2002-2354 // CNVD: CNVD-2002-3807 // BID: 5940 // VULHUB: VHN-6737

AFFECTED PRODUCTS

vendor:netgearmodel:fm114pscope:eqversion:*

Trust: 1.0

vendor:netgearmodel:fm114pscope: - version: -

Trust: 0.9

vendor:nonemodel: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2002-3807 // BID: 5940 // CNNVD: CNNVD-200212-314 // NVD: CVE-2002-2354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-2354
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200212-314
value: HIGH

Trust: 0.6

VULHUB: VHN-6737
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-2354
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6737
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6737 // CNNVD: CNNVD-200212-314 // NVD: CVE-2002-2354

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-6737 // NVD: CVE-2002-2354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-314

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200212-314

EXTERNAL IDS

db:NVDid:CVE-2002-2354

Trust: 2.3

db:BIDid:5940

Trust: 2.0

db:CNNVDid:CNNVD-200212-314

Trust: 0.7

db:CNVDid:CNVD-2002-3807

Trust: 0.6

db:XFid:114

Trust: 0.6

db:BUGTRAQid:20021010 TCP FLOOD AGAINST NETGEAR FM114P

Trust: 0.6

db:NSFOCUSid:3653

Trust: 0.6

db:VULHUBid:VHN-6737

Trust: 0.1

sources: CNVD: CNVD-2002-3807 // VULHUB: VHN-6737 // BID: 5940 // CNNVD: CNNVD-200212-314 // NVD: CVE-2002-2354

REFERENCES

url:http://www.securityfocus.com/bid/5940

Trust: 1.7

url:http://www.securityfocus.com/archive/1/294702

Trust: 1.7

url:http://www.iss.net/security_center/static/10340.php

Trust: 1.7

url:http://www.nsfocus.net/vulndb/3653

Trust: 0.6

sources: VULHUB: VHN-6737 // CNNVD: CNNVD-200212-314 // NVD: CVE-2002-2354

CREDITS

Marc Ruef※ marc.ruef@computec.ch

Trust: 0.6

sources: CNNVD: CNNVD-200212-314

SOURCES

db:CNVDid:CNVD-2002-3807
db:VULHUBid:VHN-6737
db:BIDid:5940
db:CNNVDid:CNNVD-200212-314
db:NVDid:CVE-2002-2354

LAST UPDATE DATE

2024-08-14T13:40:28.363000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2002-3807date:2002-10-15T00:00:00
db:VULHUBid:VHN-6737date:2008-09-05T00:00:00
db:BIDid:5940date:2002-10-10T00:00:00
db:CNNVDid:CNNVD-200212-314date:2002-12-31T00:00:00
db:NVDid:CVE-2002-2354date:2008-09-05T20:33:00.443

SOURCES RELEASE DATE

db:CNVDid:CNVD-2002-3807date:2002-10-10T00:00:00
db:VULHUBid:VHN-6737date:2002-12-31T00:00:00
db:BIDid:5940date:2002-10-10T00:00:00
db:CNNVDid:CNNVD-200212-314date:2002-10-10T00:00:00
db:NVDid:CVE-2002-2354date:2002-12-31T05:00:00