Vendor of Product: Netgear
Affected Product and Version: RAX30 V1.0.10.94_3
Description:
In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL property is set to 0 in the bftpd-related configuration file. This makes DoS attacks possible, because an unlimited number of users can be connected at the same time.
Detail:
In the Netgear RAX30 firmware, the partial content of /etc/bftpd.conf is as follows.
USERLIMIT_GLOBAL="0"
The official documentation of bftpd (https://bftpd.sourceforge.net/doc/en/bftpddoc-en-6.html) states the following requirements.
Name: USERLIMIT_GLOBAL
Description: The number of users that can be logged in at the same time. If set to "0", an unlimited number of users will be able to connect. This is not recommended, as it makes DoS attacks possible, even if the clients are kicked after a short time.
Values:
"0" - (zero) default. This is not recommended.
On most small servers, the connection limit should probably be below twenty ("20") but above five ("5").
This is clearly a misconfiguration vulnerability: because no global connection limit is enforced, an unlimited number of clients can be connected at once, which makes DoS attacks possible.
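The following audit script is an added example, not part of this advisory or of the bftpd project; it reads a bftpd.conf, reports the effective USERLIMIT_GLOBAL value, and flags the unlimited ("0" or absent) case described above. The sample configuration files it creates are constructed; only the USERLIMIT_GLOBAL="0" line reproduces the quoted RAX30 content, and the "10" used for the hardened variant is an assumed value within the documented 5 to 20 guidance.

```shell
#!/bin/sh
# Added example, not from the advisory or the bftpd project: audit a
# bftpd.conf for the USERLIMIT_GLOBAL setting. The "0" default and the
# 5..20 small-server guidance are taken from the bftpd documentation.

bftpd_userlimit() {
    # $1: path to a bftpd.conf. Prints the configured USERLIMIT_GLOBAL value.
    # Commented-out lines are ignored and the last assignment wins; if the
    # key is absent, bftpd's documented default "0" (unlimited) is reported.
    _val=$(sed -n 's/^[[:space:]]*USERLIMIT_GLOBAL[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${_val:-0}"
}

bftpd_userlimit_verdict() {
    # $1: path to a bftpd.conf. Prints "unlimited" (the RAX30 condition),
    # "high" (above the documented small-server guidance) or "ok".
    _n=$(bftpd_userlimit "$1")
    if [ "$_n" -eq 0 ]; then
        echo unlimited
    elif [ "$_n" -gt 20 ]; then
        echo high
    else
        echo ok
    fi
}

# Constructed sample files (temporary, removed on exit).
VULN_CONF=$(mktemp)      # reproduces the quoted RAX30 setting
printf 'USERLIMIT_GLOBAL="0"\n' > "$VULN_CONF"
DEFAULT_CONF=$(mktemp)   # key only present as a comment -> default "0"
printf '# USERLIMIT_GLOBAL="5"\n\n' > "$DEFAULT_CONF"
FIXED_CONF=$(mktemp)     # hardened variant, assumed value 10
printf '# cap concurrent FTP sessions\nUSERLIMIT_GLOBAL="10"\n' > "$FIXED_CONF"
trap 'rm -f "$VULN_CONF" "$DEFAULT_CONF" "$FIXED_CONF"' EXIT

for f in "$VULN_CONF" "$DEFAULT_CONF" "$FIXED_CONF"; do
    printf '%s: USERLIMIT_GLOBAL=%s -> %s\n' "$f" \
        "$(bftpd_userlimit "$f")" "$(bftpd_userlimit_verdict "$f")"
done
```

Point the functions at the real /etc/bftpd.conf extracted from a firmware image to check a device build the same way.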