The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

NetGear WG311v1 Wireless Driver Long SSID Overflow

This module exploits a buffer overflow in the NetGear WG311v1 wireless device driver under Windows XP and 2000. A kernel-mode heap overflow occurs when malformed probe response frame is received that contains a long SSID field This DoS was tested with version 2.3.1.10 of the WG311ND5.SYS driver and a NetGear WG311v1 PCI card. A remote code execution module is also in development. This module depends on the Lorcon2 library and only works on the Linux platform with a supported wireless card. Please see the Ruby Lorcon2 documentation (external/ruby-lorcon/README) for more information.

Rank

• Normal

Authors

• Laurent Butti < 0x9090 [at] gmail.com >

References

• CVE-2006-6125
• OSVDB-30511
• http://projects.info-pull.com/mokb/MOKB-22-11-2006.html
• ftp://downloads.netgear.com/files/wg311_1_3.zip

Development

• Source Code
• History

Similar Modules

• auxiliary/dos/wifi/apple_orinoco_probe_response
• auxiliary/dos/wifi/cts_rts_flood
• auxiliary/dos/wifi/deauth
• auxiliary/dos/wifi/fakeap
• auxiliary/dos/wifi/file2air
• auxiliary/dos/wifi/netgear_ma521_rates
• auxiliary/dos/wifi/probe_resp_null_ssid
• auxiliary/dos/wifi/ssidlist_beacon
• auxiliary/dos/wifi/wifun

Usage Information

Module Options