Potential email DDoS vuln on Netgear Rangemax routers..

06-08-08, 05:51 AM
Hi all.

I just found something interesting. If someone does not set the
default password to something sensible on many routers including
Netgear Rangemax, it is possible to DDoS a given email address by
setting up automatic email notifications of hacking attempts.

Did this as an experiment accidentally on my router, and had over 1500
emails in less than a day.

Obviously you have to set up an email address to use this "feature"
but these are ten a penny. Hack half a dozen or more routers via
wireless, and the unfortunate victim would be unable to use email at
all until every single router was found and reprogrammed.

The vuln here is that the interval can be set ridiculously short
(<5min) and the router does not care at all, or even warn you of the
potential problem.

Regards, -Q
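
An added example, not part of the original post and not Netgear firmware code: a sketch of the control the post says is missing, where the notifier rejects a too-short interval and coalesces logged events into digests under a daily cap. The names `AlertMailer` and `simulate`, the one-hour floor, the 24-per-day cap and the 1500-event load are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_INTERVAL_S = 3600  # assumed firmware floor for the notification interval
DAILY_CAP = 24         # assumed ceiling on mails per rolling 24 hours
DAY_S = 86400

@dataclass
class AlertMailer:
    interval_s: int
    pending: list = field(default_factory=list)   # events not yet mailed
    sent_at: list = field(default_factory=list)   # send times, last 24 h
    outbox: list = field(default_factory=list)    # (time, event_count) digests

    def __post_init__(self):
        # Refuse the setting instead of silently accepting it.
        if self.interval_s < MIN_INTERVAL_S:
            raise ValueError(f"interval {self.interval_s}s below floor {MIN_INTERVAL_S}s")

    def log_event(self, now, message):
        self.pending.append((now, message))

    def tick(self, now):
        """Send at most one digest per interval and DAILY_CAP per day."""
        if not self.pending:
            return False
        if self.sent_at and now - self.sent_at[-1] < self.interval_s:
            return False
        self.sent_at = [t for t in self.sent_at if now - t < DAY_S]
        if len(self.sent_at) >= DAILY_CAP:
            return False  # events stay queued for the next allowed digest
        self.outbox.append((now, len(self.pending)))
        self.sent_at.append(now)
        self.pending.clear()
        return True

def simulate(events=1500, spacing_s=57, interval_s=MIN_INTERVAL_S):
    """Constructed load: one logged attempt every spacing_s seconds."""
    mailer = AlertMailer(interval_s)
    for k in range(events):
        now = k * spacing_s
        mailer.log_event(now, f"constructed event {k}")
        mailer.tick(now)
    reported = sum(count for _, count in mailer.outbox)
    return len(mailer.outbox), reported, len(mailer.pending)

if __name__ == "__main__":
    print(simulate())
```

With these assumed limits, the constructed 1500 events in under a day produce 24 digest mails instead of one mail per event, and a sub-five-minute interval is rejected when it is configured.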