A firmware update NETGEAR recently released for the N300 series routers addresses two denial-of-service (DoS) vulnerabilities found by security researchers at Cisco’s Talos group.
Tracked as CVE-2019-5054, the first of the two bugs resides in the session handling functionality of the NETGEAR N300 (WNR2000v5) HTTP server.
“An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing,” Talos explains.
To trigger the vulnerability, an unauthenticated attacker can send a specially crafted HTTP request, the security researchers have discovered.
The second DoS vulnerability is tracked as CVE-2019-5055 and resides in the Host Access Point Daemon (hostapd) on the N300 (WNR2000v5) wireless router.
Talos discovered that it is possible to cause a null pointer dereference and trigger a crash of the hostapd service via a SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service.
The vulnerability can be triggered by an unauthenticated attacker able to send a specially-crafted SOAP request, the researchers note.
Both of these vulnerabilities were discovered in the NETGEAR N300 WNR2000v5 firmware version 220.127.116.11.
NETGEAR has already released patches to address them and users are advised to update to WNR2000v5 firmware version 18.104.22.168.
To read the original article: