header-logo
Suggest Exploit
vendor:
Versalink 327W
by:
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Versalink 327W
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Denial of Service vulnerability in Westell Versalink 327W

The Westell Versalink 327W router is vulnerable to a denial of service attack when handling TCP 'LanD' packets. Remote attackers can exploit this vulnerability to crash the affected devices or temporarily block network routing functionality, resulting in a denial of service for legitimate users. An Hping2 command is provided as an example to exploit this vulnerability.

Mitigation:

No official patch or mitigation is available at the time of writing this report. Users are advised to restrict network access and apply other security measures to protect against this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15869/info

Westell Versalink 327W is prone to a denial of service vulnerability.

These devices are susceptible to a remote denial of service vulnerability when handling TCP 'LanD' packets.

This issue allows remote attackers to crash affected devices, or to temporarily block further network routing functionality. This will deny further network services to legitimate users.

Westell Versalink 327W is reportedly affected by this issue. Due to code reuse among devices, other devices may also be affected. 

The following Hping2 command is sufficient to crash affected devices. The IP addresses must both be configured on the targeted device:

hping2 -A -S -P -U 1.2.3.4 -s 80 -p 80 -a 192.168.1.1