NETGEAR denial-of-service vulnerabilities fixed (CVE-2019-5054, CVE-2019-5055)

Researchers have discovered two denial-of-service (DoS) vulnerabilities in NETGEAR N300 home wireless routers. NETGEAR has since issued firmware updates to address the issues.

According to Cisco’s Talos security group, an attacker could exploit the vulnerabilities by sending specific SOAP and HTTP requests to the router and subsequently cause it to crash.

Talos described each of the DoS vulnerabilities in a blog post; both are summarized below.

1) NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability (CVE-2019-5054):

“An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.”

2) NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability (CVE-2019-5055):

“An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.”
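The bug class described for CVE-2019-5054 (a header lookup that returns NULL for an empty User-Agent, used without a check) is shown here in its hardened form as an added C example. This is not NETGEAR's or Talos's code: `get_header`, `check_session`, the comparison of the session against the User-Agent, and the request strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical header lookup: copies the value of `name` into `out`.
 * Returns NULL when the header is absent, empty or too long. */
static const char *get_header(const char *req, const char *name,
                              char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *line = strstr(req, "\r\n");        /* end of request line */
    while (line && strncmp(line, "\r\n\r\n", 4) != 0) {
        line += 2;                                 /* start of next header */
        if (strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            while (*v == ' ' || *v == '\t') v++;
            size_t len = strcspn(v, "\r\n");
            if (len == 0 || len >= outlen) return NULL;
            memcpy(out, v, len);
            out[len] = '\0';
            return out;
        }
        line = strstr(line, "\r\n");
    }
    return NULL;
}

/* Session check for a page that requires authentication. The unsafe form
 * is strcmp(get_header(...), session_agent) with no NULL test, which
 * dereferences NULL when User-Agent is empty. Here that case gets a 400. */
static int check_session(const char *req, const char *session_agent)
{
    char ua[256];
    const char *agent = get_header(req, "User-Agent", ua, sizeof ua);
    if (agent == NULL)
        return 400;                                /* reject, never dereference */
    if (session_agent == NULL || strcmp(agent, session_agent) != 0)
        return 401;                                /* no matching session */
    return 200;
}

int main(void)
{
    /* Constructed requests: normal, empty User-Agent, header missing. */
    const char *ok    = "GET /protected HTTP/1.1\r\nHost: r\r\nUser-Agent: demo/1.0\r\n\r\n";
    const char *empty = "GET /protected HTTP/1.1\r\nHost: r\r\nUser-Agent:\r\n\r\n";
    const char *none  = "GET /protected HTTP/1.1\r\nHost: r\r\n\r\n";
    printf("%d %d %d\n", check_session(ok, "demo/1.0"), check_session(empty, "demo/1.0"), check_session(none, "demo/1.0"));
}
```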

Talos worked with NETGEAR to ensure the vulnerabilities were fixed. For the latest updates, download the NETGEAR WNR2000v5 Firmware Version 1.0.0.72.

Readers may also check out a recent report on how a new Mirai botnet variant has evolved to exploit 13 different vulnerabilities found on IoT devices, including WiFi routers. In one of those exploits, an Omni malware attack targeted NETGEAR devices.