Vendor of Product: Netgear
Affected Product and Version: Netgear R7000 V1.3.1.64_10.1.36, Netgear EAX80 V1.0.1.70_1.0.2
Description:
In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL property is set to 0 in the bftpd.conf configuration file. This allows an unlimited number of concurrent FTP users, which makes DoS attacks possible.
Detail:
In the Netgear R7000 and EAX80 firmware, the partial content of /usr/etc/bftpd.conf is as follows.
USERLIMIT_GLOBAL="0"
The official documentation of bftpd (https://bftpd.sourceforge.net/doc/en/bftpddoc-en-6.html) states the following for this option.
Name: USERLIMIT_GLOBAL
Description: The number of users that can be logged in at the same time. If set to "0", an unlimited number of users will be able to connect. This is not recommended, as it makes DoS attacks possible, even if the clients are kicked after a short time.
Values:
"0" - (zero) default. This is not recommended.
On most small servers, the connection limit should probably be below twenty ("20") but above five ("5").
Clearly, this is a misconfiguration vulnerability: because the limit is "0", an unlimited number of concurrent FTP sessions can be opened against the device, which can cause DoS.
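A small configuration check, added here as an example (not code from the advisory, Netgear, or the bftpd project), that parses the quoted `NAME="value"` line format of bftpd.conf and flags the weak setting alongside a value inside the range the bftpd documentation suggests. The sample excerpts are constructed, and the key/value line pattern and the 5-20 review range are taken only from the documentation text quoted above.

```python
import re

# Constructed excerpt modelled on the single line the advisory quotes from
# /usr/etc/bftpd.conf; this is not the actual firmware file.
WEAK_CONF = '''
# bftpd configuration (constructed sample)
USERLIMIT_GLOBAL="0"
'''

# Same excerpt with the limit inside the range the bftpd docs suggest
# for small servers (above 5, below 20).
HARDENED_CONF = '''
USERLIMIT_GLOBAL="10"
'''

# Matches lines of the form NAME="value", the format quoted in the advisory.
KV_RE = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*"([^"]*)"')


def parse_bftpd_conf(text: str) -> dict:
    """Return NAME -> value for quoted key/value lines; blank and '#' lines are skipped."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        m = KV_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def check_userlimit_global(text: str, low: int = 5, high: int = 20) -> str:
    """Classify the USERLIMIT_GLOBAL setting: missing, invalid, weak, review or ok."""
    raw = parse_bftpd_conf(text).get('USERLIMIT_GLOBAL')
    if raw is None:
        # The docs list "0" as the default, so an absent key is also unlimited.
        return 'missing: USERLIMIT_GLOBAL not set, bftpd default "0" applies (unlimited)'
    if not raw.isdigit():
        return f'invalid: USERLIMIT_GLOBAL={raw!r} is not a number'
    n = int(raw)
    if n == 0:
        return 'weak: USERLIMIT_GLOBAL="0" allows unlimited concurrent users (DoS risk)'
    if n < low or n > high:
        return f'review: USERLIMIT_GLOBAL={n} is outside the suggested {low}-{high} range'
    return f'ok: USERLIMIT_GLOBAL={n}'
```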