Unpatched Vulnerability in D-Link DGS-3000-10TC Switch

A critical flaw has been found empirically in the D-Link DGS-3000-10TC switch (Hardware Version: A2) that allows a denial of service to be triggered by sending a specially crafted network packet. After processing such a packet, the switch enters a state with 100% CPU load that can only be cleared by a reboot.

When the problem was reported, D-Link support responded: “Good afternoon, after another check, the developers believe that there is no problem with the DGS-3000-10TC. The problem was due to a broken package that was sent by the DGS-3000-20L and after the fix there were no problems with the new firmware.” In other words, it has been confirmed that the DGS-3000-20L switch (and others in this series) corrupts the packet from the PPP-over-Ethernet Discovery (pppoed) client, and that this problem is fixed in the firmware.

At the same time, D-Link representatives do not acknowledge a similar problem in the other model, the DGS-3000-10TC, despite having been given information that allows the vulnerability to be reproduced. After the refusal to fix the problem, a pcap dump of the “packet of death” was published to demonstrate that the attack is feasible and to encourage the manufacturer to release a firmware update; it can be sent with the tcpreplay utility to check for the problem.
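
The article does not say which part of the PPPoE Discovery packet is corrupted. As an added example (not code from the original article or from D-Link), the Python below checks an Ethernet frame for a structurally valid PPPoE Discovery header and tag list per RFC 2516, the kind of check a monitoring point could apply to captured traffic. The function name `check_pppoed` and the sample frames are constructed for illustration, and the idea that the corruption is structural is an assumption.

```python
import struct
ETH_P_PPPOED = 0x8863  # PPPoE Discovery EtherType (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}

def check_pppoed(frame: bytes) -> list:
    """Return structural problems in a PPPoED frame ([] if fine or not PPPoED)."""
    if len(frame) < 14:
        return ["truncated Ethernet header"]
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in (0x8100, 0x88A8):  # skip 802.1Q / 802.1ad VLAN tags
        off += 4
        if len(frame) < off + 2:
            return ["truncated VLAN tag"]
        (etype,) = struct.unpack_from("!H", frame, off)
    if etype != ETH_P_PPPOED:
        return []
    off += 2
    if len(frame) < off + 6:
        return ["truncated PPPoE header"]
    ver_type, code, _sid, length = struct.unpack_from("!BBHH", frame, off)
    payload, problems = frame[off + 6:], []
    if ver_type != 0x11:
        problems.append("version/type is 0x%02x, expected 0x11" % ver_type)
    if code not in CODES:
        problems.append("unknown code 0x%02x" % code)
    if length > len(payload):  # trailing Ethernet padding is fine, a shortfall is not
        problems.append("length field exceeds bytes on the wire")
        length = len(payload)
    pos = 0
    while pos < length:  # walk the tag TLVs: type (2), length (2), value
        if length - pos < 4:
            problems.append("truncated tag header")
            break
        ttype, tlen = struct.unpack_from("!HH", payload, pos)
        pos += 4
        if tlen > length - pos:
            problems.append("tag 0x%04x overruns payload" % ttype)
            break
        if ttype == 0x0000:  # End-Of-List tag
            break
        pos += tlen
    return problems

# Constructed sample frames (not taken from the published pcap).
_ETH = b"\xff" * 6 + bytes.fromhex("020000000001") + struct.pack("!H", ETH_P_PPPOED)
_TAGS = struct.pack("!HH", 0x0101, 0) + struct.pack("!HH", 0x0103, 4) + b"abcd"
GOOD_PADI = _ETH + struct.pack("!BBHH", 0x11, 0x09, 0, len(_TAGS)) + _TAGS
BAD_PADI = _ETH + struct.pack("!BBHH", 0x11, 0x09, 0, len(_TAGS)) + _TAGS[:-2]
```

`check_pppoed(GOOD_PADI)` returns an empty list, while `check_pppoed(BAD_PADI)` reports both the short payload and the tag that runs past it.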

Source: opennet.ru
