Title: Netopia R9100 Router Denial of Service Vulnerability
Severity: LOW
Description:
The Netopia R9100 Router, running firmware version 4.6, is vulnerable to a denial-of-service attack.
Under very specific circumstances, an attacker can cause the affected router to stop. By attempting to make a looped connection from the router's IP address back to the same address, the unit will crash. A manual restart is required to resume operation.
This vulnerability has implications for system logging. Typically, all user connections and disconnections are logged by the device. If attackers attempt to delete logs, there is still a trace of their presence when logging out. However, this 'trace' may be subverted by crashing the system before a disconnect record is made.
While the crash itself is logged, the system cannot log the user who caused it. The attacker can therefore delete all traces of malicious activity, then crash the system. This attack prevents user-disconnect logging and may help the attacker carry out further attacks on the affected host or other systems on its network.
Netopia R9100 Router running firmware version 4.6 is vulnerable; subsequent (and current) versions are not vulnerable.
Affected Products:
- Netopia R9100 DSL Router 4.6
References:
- Netopia Support: Upgrading Netopia Router Firmware
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
