CVE-2004-0610

Vulnerability

The web-based administration interface of the Microsoft MN-500 Wireless Router (firmware version unknown) is vulnerable to a denial-of-service condition. By establishing 30 concurrent HTTP connections to port 80, an attacker can cause the interface to refuse further connections, preventing legitimate administrative access. No authentication or special privileges are required to trigger the issue [1].

Exploitation

An attacker with network access to the router can send 30 HTTP requests to the administration port (80) and keep them open. Once the threshold is reached, the web server stops accepting new connections. The attack does not require any user interaction or prior knowledge of credentials [1].

Impact

Successful exploitation results in a denial of service: the router administrator is unable to access the web-based administration interface until the attacker closes the connections or the connections time out. No other router functions are reported to be affected [1].

Mitigation

No official fix or workaround has been disclosed by Microsoft for this vulnerability. The router may be end-of-life; users should consider replacing it with a supported device. No mitigation is available in the referenced advisory [1].