Vendor of Product: Netgear

Affected Product and Version: Netgear R7000 V1.3.1.64_10.1.36, Netgear EAX80 V1.0.1.70_1.0.2

Description: In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL property is set to 0 in the bftpd.conf configuration file. This allows an unlimited number of concurrent FTP connections, which makes DoS attacks possible.

Detail:

In the Netgear R7000 and EAX80 firmware, the partial content of /usr/etc/bftpd.conf is as follows.

USERLIMIT_GLOBAL="0"

The official documentation of bftpd (https://bftpd.sourceforge.net/doc/en/bftpddoc-en-6.html) states the following requirements.

Name: USERLIMIT_GLOBAL
Description: The number of users that can be logged in at the same time. If set to "0", an unlimited number of users will be able to connect. This is not recommended, as it makes DoS attacks possible, even if the clients are kicked after a short time.

Values:
"0" - (zero) default. This is not recommended.
On most small servers, the connection limit should probably be below twenty ("20") but above five ("5").

Clearly, this is a misconfiguration vulnerability: because USERLIMIT_GLOBAL is "0", the number of simultaneously connected clients is not bounded, which makes DoS attacks possible.
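The following is an added audit script, not part of the advisory and not code from Netgear or the bftpd project. It parses NAME="value" lines from a bftpd.conf excerpt and classifies USERLIMIT_GLOBAL against the documentation's guidance (0 = unlimited, 5..20 suggested for small servers). Only the USERLIMIT_GLOBAL line is known from the firmware; the surrounding sample lines and the hardened value of "10" are constructed assumptions.

```python
import re

# Constructed excerpt: the weak line reported for the affected firmware's
# /usr/etc/bftpd.conf, plus an assumed neighbouring option for illustration.
WEAK_CONF = '''
# bftpd.conf (excerpt, constructed)
USERLIMIT_GLOBAL="0"
USERLIMIT_SINGLEUSER="0"
'''

# Same excerpt with a limit inside the 5..20 range the bftpd docs suggest
# (the value 10 is an assumption, not a vendor-recommended setting).
HARDENED_CONF = WEAK_CONF.replace('USERLIMIT_GLOBAL="0"', 'USERLIMIT_GLOBAL="10"')

# bftpd options are written as NAME="value"; anything else is ignored here.
OPTION_RE = re.compile(r'^\s*([A-Z_]+)\s*=\s*"([^"]*)"\s*$')


def parse_bftpd_conf(text):
    """Return {NAME: value} for every NAME="value" line, skipping # comments."""
    options = {}
    for line in text.splitlines():
        if line.lstrip().startswith('#'):
            continue
        m = OPTION_RE.match(line)
        if m:
            options[m.group(1)] = m.group(2)
    return options


def check_userlimit_global(text):
    """Classify USERLIMIT_GLOBAL; returns (status, message) with status FAIL/WARN/PASS."""
    raw = parse_bftpd_conf(text).get('USERLIMIT_GLOBAL')
    if raw is None:
        # Per the bftpd docs the default is "0", i.e. unlimited, so absence is also a finding.
        return ('FAIL', 'USERLIMIT_GLOBAL not set; bftpd defaults to "0" (unlimited logins)')
    if not raw.isdigit():
        return ('FAIL', f'USERLIMIT_GLOBAL={raw!r} is not a non-negative integer')
    limit = int(raw)
    if limit == 0:
        return ('FAIL', 'USERLIMIT_GLOBAL="0" allows unlimited concurrent logins (DoS risk)')
    if 5 <= limit <= 20:
        return ('PASS', f'USERLIMIT_GLOBAL={limit} is within the 5..20 range suggested for small servers')
    return ('WARN', f'USERLIMIT_GLOBAL={limit} is outside the 5..20 range suggested for small servers')


if __name__ == '__main__':
    for name, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF)):
        print(name, *check_userlimit_global(conf))
```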