A user can deny access to the web-based administration by establishing 1 connection to the web-based administration port (80) on a Linksys BEFSR41 Cable/DSL Router. Until the connection is closed, the router administrator cannot access the web-based administration. Note that the router automatically closes the TCP connection after about ten seconds of inactivity.
cc4d06d74473ac6a04901d1309b131325e16dbe2a571ed5f24f1a9fce4b531f9
------------------------------------------------------------------------
* Linksys BEFSR41 Cable/DSL Router Web-Based Administration DoS*
*Vulnerability ID Number:*
0406212
* Overview:*
A vulnerability has been found in the Linksys BEFSR41 Cable/DSL Router
Web-Based Administration.
* Vendor:*
Linksys (http://www.linksys.com <http://www.linksys.com/>)
* Vulnerability/Exploit:*
A user can deny access to the web-based administration by establishing 1
connection to the web-based administration port (80). Until the
connection is closed, the router administrator cannot access the
web-based administration. Note that the router automatically closes the
TCP connection after about ten seconds of inactivity.
* Workaround:*
None so far.
* Date Discovered:*
June 21, 2004
* Severity:*
Medium
* Credit:*
Paul Kurczaba
Kurczaba Associates
Visit http://www.kurczaba.com/mailinglists.htm for mailing lists in
Security, Encryption, Wireless, MS-Security, and Production Security.
Copyright 2003-2004 Kurczaba Associates