Details of VAR-200309-0036

ID

VAR-200309-0036

TITLE

SMC Router Random UDP Packet Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-2994

DESCRIPTION

The SMC2404WBR is a wireless CABLE/DSL broadband router. SMC routers cannot properly handle randomly sent UDP packet port scans. Remote attackers can exploit this vulnerability to perform denial of service attacks on routers. Sending random UDP packets to ports 0-65000 on the router can cause the router to hang and stop responding to normal services. A denial of service has been reported in the SMC SMC2404WBR BarricadeT Turbo 11/22 Mbps Wireless Cable/DSL Broadband Router. This condition was reportedly reproduced using one of the exploits for BID 8525. The SMC7004VWBR router is also affected by this vulnerability

Trust: 0.81

sources: CNVD: CNVD-2003-2994 // BID: 8711

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-2994

AFFECTED PRODUCTS

vendor:	smc7004vwbr	model:	smc	scope:	eq	version:	1.23	Trust: 0.6
vendor:	smc	model:	smc7004vwbr	scope:	eq	version:	1.23	Trust: 0.3
vendor:	smc	model:	smc7004vwbr	scope:	eq	version:	1.22	Trust: 0.3
vendor:	smc	model:	smc7004vwbr a	scope:	eq	version:	1.21	Trust: 0.3
vendor:	smc	model:	smc2404wbr	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2003-2994 // BID: 8711

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-2994
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2003-2994
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-2994

THREAT TYPE

network

Trust: 0.3

sources: BID: 8711

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 8711

EXTERNAL IDS

db:	BID	id:	8711	Trust: 0.9
db:	CNVD	id:	CNVD-2003-2994	Trust: 0.6

sources: CNVD: CNVD-2003-2994 // BID: 8711

REFERENCES

url:	http://www.securityfocus.com/bid/8711	Trust: 0.6
url:	/archive/1/339556	Trust: 0.3
url:	/archive/1/339214	Trust: 0.3

sources: CNVD: CNVD-2003-2994 // BID: 8711

CREDITS

Discovery of this issue is credited to <res076cf@alltel.net>.

Trust: 0.3

sources: BID: 8711

SOURCES

db:	CNVD	id:	CNVD-2003-2994
db:	BID	id:	8711

LAST UPDATE DATE

2022-05-17T01:47:38+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-2994	date:	2003-09-26T00:00:00
db:	BID	id:	8711	date:	2003-09-26T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-2994	date:	2003-09-26T00:00:00
db:	BID	id:	8711	date:	2003-09-26T00:00:00