CVE-2013-3606
Description
A long username (>16 chars) on the GoAhead login page of certain Dell PowerConnect switches causes a denial-of-service crash, requiring a device reset.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The login page of the GoAhead web server on Dell PowerConnect 3348 (firmware version 1.2.1.3), 3524p (version 2.0.0.48), and 5324 (version 2.0.1.4) switches contains an improper input validation flaw (CWE-20). When a username longer than 16 characters is submitted directly to the web server via a crafted HTTP POST request, the login form crashes. The affected versions are explicitly listed in CERT/CC Vulnerability Note VU#122582 [1].
Exploitation
An unauthenticated attacker can trigger the vulnerability from the network by sending a crafted HTTP POST request with a username exceeding 16 characters to the switch's GoAhead web server login page. No authentication is required, and the attacker only needs network reachability to the switch's management interface. Multiple such requests may be needed to cause the device to become unresponsive [1].
Impact
Successful exploitation causes the switch to crash and become unresponsive, requiring a physical or remote reset of the device to restore functionality. The outcome is a denial of service (DoS), impacting the availability of the switch and potentially the network segment it serves. The CERT/CC note indicates that the crash can lead to device outage [1].
Mitigation
Dell has not released firmware updates for these PowerConnect models to address this vulnerability. Users are advised to restrict network access to the management interface (e.g., via VLANs or firewall rules) to trusted hosts only, as no patch is available. The affected switches are legacy products and may be end-of-life [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:h:dell:powerconnect_3348:1.2.1.3:*:*:*:*:*:*:*
- (no CPE) range: =1.2.1.3 (3348), =2.0.0.48 (3524p), =2.0.1.4 (5324)
- cpe:2.3:h:dell:powerconnect_3524p:2.0.0.48:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerconnect_5324:2.0.1.4:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/122582 (nvd; Third Party Advisory, US Government Resource)
- exchange.xforce.ibmcloud.com/vulnerabilities/90598 (nvd)