ID

VAR-200302-0050


TITLE

USRobotics Broadband Router GET Request Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-0617

DESCRIPTION

US Robotics offers a wide range of broadband router devices, including the US Robotics Broadband-Router 8000A/8000-2 (USR848000A-02). The 8000A/8000-2 includes an embedded web server that does not properly handle long GET requests. A remote attacker can exploit this by issuing an overly long GET request to the embedded web server of a vulnerable device; when the device attempts to process the malformed input, it crashes, resulting in a denial of service.

It has been reported that this condition may be reproduced from within the internal network. This condition may be due to a buffer overflow. This issue is reported to affect v2.5 of US Robotics Broadband-Router 8000A/8000-2 (USR848000A-02).

Trust: 0.81

sources: CNVD: CNVD-2003-0617 // BID: 6994

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2003-0617

AFFECTED PRODUCTS

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: u s robotics, model: broadband-router 8000a/8000-2, scope: eq, version: 2.5

Trust: 0.3

sources: CNVD: CNVD-2003-0617 // BID: 6994

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2003-0617
value: HIGH

Trust: 0.6

CNVD: CNVD-2003-0617
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2003-0617

THREAT TYPE

network

Trust: 0.3

sources: BID: 6994

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 6994

EXTERNAL IDS

db: BID, id: 6994

Trust: 0.9

db: CNVD, id: CNVD-2003-0617

Trust: 0.6

sources: CNVD: CNVD-2003-0617 // BID: 6994

REFERENCES

url: http://www.securityfocus.com/archive/82/313536/2003-02-25/2003-03-03/0

Trust: 0.9

url: http://www.usr.com/

Trust: 0.3

sources: CNVD: CNVD-2003-0617 // BID: 6994

CREDITS

Discovery of this vulnerability has been credited to xti <xti@geekgate.org>.

Trust: 0.3

sources: BID: 6994

SOURCES

db: CNVD, id: CNVD-2003-0617
db: BID, id: 6994

LAST UPDATE DATE

2022-05-17T02:01:43.292000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2003-0617, date: 2014-01-20T00:00:00
db: BID, id: 6994, date: 2003-02-28T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2003-0617, date: 2003-02-28T00:00:00
db: BID, id: 6994, date: 2003-02-28T00:00:00