ID

VAR-200412-0048


CVE

CVE-2004-0611


TITLE

WEB Management Interface Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-045

DESCRIPTION

Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. Multiple broadband routers from several different vendors, used for home and small office Internet sharing and routing, are reported to be affected by a denial of service vulnerability in their web-based administration interfaces. The embedded web server is reportedly unable to maintain more than a small number of simultaneous TCP connections. An attacker who maintains a number of connections to port 80 of an affected device will block access to the web administration application for legitimate users, and can keep blocking it for as long as the TCP connections are maintained. Netgear FVS318, Linksys BEFSR41, and Microsoft MN-500 devices are reported to be susceptible. The NETGEAR FVS318 is a router with VPN; the Microsoft MN-500 is a wireless router. The problem lies in the embedded web server included by many manufacturers, and a remote attacker can use this vulnerability to conduct a denial of service attack on the management interface of the device.

Trust: 1.26

sources: NVD: CVE-2004-0611 // BID: 10585 // VULHUB: VHN-9041

AFFECTED PRODUCTS

vendor: netgear, model: fvs318, scope: eq, version: 1.3

Trust: 1.9

vendor: netgear, model: fvs318, scope: eq, version: 1.2

Trust: 1.9

vendor: netgear, model: fvs318, scope: eq, version: 1.1

Trust: 1.9

vendor: netgear, model: fvs318, scope: eq, version: 1.0

Trust: 1.9

vendor: microsoft, model: mn-500, scope: -, version: -

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.45.7

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.44

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.43.3

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.43

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.42.7

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.42.3

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.41

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.40.2

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.39

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.38

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.37

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.36

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.35

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.05.00

Trust: 0.3

vendor: linksys, model: befsr41, scope: eq, version: v3

Trust: 0.3

vendor: linksys, model: befsr41, scope: eq, version: v2

Trust: 0.3

vendor: linksys, model: befsr41, scope: eq, version: v1

Trust: 0.3

sources: BID: 10585 // CNNVD: CNNVD-200412-045 // NVD: CVE-2004-0611

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0611
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-045
value: MEDIUM

Trust: 0.6

VULHUB: VHN-9041
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0611
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9041
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9041 // CNNVD: CNNVD-200412-045 // NVD: CVE-2004-0611

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0611

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-045

TYPE

Design Error

Trust: 0.9

sources: BID: 10585 // CNNVD: CNNVD-200412-045

EXTERNAL IDS

db: BID, id: 10585

Trust: 2.0

db: NVD, id: CVE-2004-0611

Trust: 2.0

db: CNNVD, id: CNNVD-200412-045

Trust: 0.7

db: BUGTRAQ, id: 20040621 NETGEAR FVS318 WEB-BASED ADMINISTRATION DOS

Trust: 0.6

db: XF, id: 318

Trust: 0.6

db: XF, id: 16462

Trust: 0.6

db: VULHUB, id: VHN-9041

Trust: 0.1

sources: VULHUB: VHN-9041 // BID: 10585 // CNNVD: CNNVD-200412-045 // NVD: CVE-2004-0611

REFERENCES

url:http://www.securityfocus.com/bid/10585

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16462

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=108787199201059&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/16462

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108787199201059&w=2

Trust: 0.6

url:http://www.netgear.com/

Trust: 0.3

url:http://www.netgear.com/products/prod_details.asp?prodid=129

Trust: 0.3

url:http://www.netgear.com/support_main.asp

Trust: 0.3

url:/archive/1/366823

Trust: 0.3

url:/archive/1/366601

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108787199201059&w=2

Trust: 0.1

sources: VULHUB: VHN-9041 // BID: 10585 // CNNVD: CNNVD-200412-045 // NVD: CVE-2004-0611

CREDITS

Kurczaba Associates advisories (advisories@kurczaba.com)

Trust: 0.6

sources: CNNVD: CNNVD-200412-045

SOURCES

db: VULHUB, id: VHN-9041
db: BID, id: 10585
db: CNNVD, id: CNNVD-200412-045
db: NVD, id: CVE-2004-0611

LAST UPDATE DATE

2024-08-14T13:01:26.127000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-9041, date: 2017-07-11T00:00:00
db: BID, id: 10585, date: 2009-07-12T05:16:00
db: CNNVD, id: CNNVD-200412-045, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-0611, date: 2017-07-11T01:30:18.590

SOURCES RELEASE DATE

db: VULHUB, id: VHN-9041, date: 2004-12-06T00:00:00
db: BID, id: 10585, date: 2004-06-21T00:00:00
db: CNNVD, id: CNNVD-200412-045, date: 2004-06-22T00:00:00
db: NVD, id: CVE-2004-0611, date: 2004-12-06T05:00:00