Search criteria
4 vulnerabilities found for wrt350n by linksys
VAR-200809-0452
Vulnerability from variot - Updated: 2023-12-18 13:04The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi The access point driver is responsible for the association request. Atheros Communications AR5416-AC1E is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to crash the affected device that uses the chipset, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Atheros AR5416-AC1E included in Linksys WRT35ON wireless router running firmware 2.00.17 is vulnerable; other devices running different firmware may also be affected. Linksys WRT350N is a popular wireless broadband router. Cause a denial of service or execute arbitrary commands. This information element is used by wireless devices to advertise Atheros specific capabilities. This can be achieved only after a successful 802.11 authentication (in "Open" or "Shared" mode according to the configuration of the wireless access point). This security vulnerability was reported to Linksys, updated firmwares should be available on their web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable.
Credits:
- This vulnerability was discovered by Laurent Butti and Julien Tinnes from France Telecom / Orange
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ar5416-ac1e chipset",
"scope": null,
"trust": 1.4,
"vendor": "atheros",
"version": null
},
{
"model": "ar5416-ac1e chipset",
"scope": "eq",
"trust": 1.1,
"vendor": "atheros",
"version": "*"
},
{
"model": "wrt350n",
"scope": "eq",
"trust": 1.1,
"vendor": "linksys",
"version": "2.00.17"
},
{
"model": "wrt350n",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "firmware 2.00.17"
},
{
"model": "wrt350n",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.0.17"
},
{
"model": "communications ar5416-ac1e",
"scope": "eq",
"trust": 0.3,
"vendor": "atheros",
"version": "0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:atheros:ar5416-ac1e_chipset:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt350n:2.00.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5474"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laurent Butti\u203b laurent.butti@orange-ftgroup.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5474",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-5474",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-28836",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5474",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-083",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28836",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-5474",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi The access point driver is responsible for the association request. Atheros Communications AR5416-AC1E is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to crash the affected device that uses the chipset, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. \nAtheros AR5416-AC1E included in Linksys WRT35ON wireless router running firmware 2.00.17 is vulnerable; other devices running different firmware may also be affected. Linksys WRT350N is a popular wireless broadband router. Cause a denial of service or execute arbitrary commands. This\ninformation element is used by wireless devices to advertise Atheros\nspecific capabilities. This can be achieved only after a successful 802.11\nauthentication (in \"Open\" or \"Shared\" mode according to the\nconfiguration of the wireless access point). \nThis security vulnerability was reported to Linksys, updated firmwares\nshould be available on their web site. Any other wireless device relying\non this vulnerable wireless driver is likely to be vulnerable. \n\nCredits:\n--------\n* This vulnerability was discovered by Laurent Butti and Julien Tinnes\nfrom France Telecom / Orange\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "PACKETSTORM",
"id": "69634"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-28836",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5474",
"trust": 3.0
},
{
"db": "BID",
"id": "31012",
"trust": 2.1
},
{
"db": "SREASON",
"id": "4226",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531",
"trust": 0.8
},
{
"db": "XF",
"id": "5416",
"trust": 0.6
},
{
"db": "XF",
"id": "44921",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080904 ATHEROS VENDOR SPECIFIC INFORMATION ELEMENT OVERFLOW",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "69634",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-28836",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-5474",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "PACKETSTORM",
"id": "69634"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"id": "VAR-200809-0452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:04:46.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.atheros.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/flowerhack/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/84kaliplexon3/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/plexone2019/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/wi-fi-analyzer/wifuzzit "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/31012"
},
{
"trust": 1.8,
"url": "http://securityreason.com/securityalert/4226"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5474"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5474"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44921"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495984/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.atheros.com/"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "/archive/1/495984"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5474"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "PACKETSTORM",
"id": "69634"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "PACKETSTORM",
"id": "69634"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-28836"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"date": "2008-09-04T00:00:00",
"db": "BID",
"id": "31012"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"date": "2008-09-04T18:10:05",
"db": "PACKETSTORM",
"id": "69634"
},
{
"date": "2008-09-05T16:08:00",
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28836"
},
{
"date": "2018-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"date": "2008-09-04T19:14:00",
"db": "BID",
"id": "31012"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"date": "2018-10-15T21:45:12.157000",
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi Denial of service operation in access point driver (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
],
"trust": 0.6
}
}
FKIE_CVE-2007-5474
Vulnerability from fkie_nvd - Published: 2008-09-05 16:08 - Updated: 2025-04-09 00:30
Severity ?
Summary
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| atheros | ar5416-ac1e_chipset | * | |
| linksys | wrt350n | 2.00.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:atheros:ar5416-ac1e_chipset:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A125E74-B624-470B-8923-6AA3C57DBF7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt350n:2.00.17:*:*:*:*:*:*:*",
"matchCriteriaId": "09DD63BB-4E99-4E2B-A94B-13A24897C6E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long."
},
{
"lang": "es",
"value": "El driver para el punto de acceso Wi-Fi de Linksys WRT350N con firmware 2.00.17 y chipset Atheros AR5416-AC1E no realiza correctamente el an\u00e1lisis sint\u00e1ctico del elemento de informaci\u00f3n espec\u00edfico del fabricante Atheros en una petici\u00f3n de asociaci\u00f3n, lo cual permite a atacantes remotos autenticados provocar una denegaci\u00f3n de servicio (reinicio de sistema o cuelgue) o posiblemente ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de un elemento de informaci\u00f3n Atheros de longitud no v\u00e1lida, tal y como se ha demostrado con un elemento demasiado largo."
}
],
"id": "CVE-2007-5474",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-05T16:08:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4226"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31012"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-5474 (GCVE-0-2007-5474)
Vulnerability from cvelistv5 – Published: 2008-09-05 16:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31012"
},
{
"name": "4226",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4226"
},
{
"name": "20080904 Atheros Vendor Specific Information Element Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"name": "atheros-as5416ac1e-associationrequest-dos(44921)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31012"
},
{
"name": "4226",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4226"
},
{
"name": "20080904 Atheros Vendor Specific Information Element Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"name": "atheros-as5416ac1e-associationrequest-dos(44921)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31012"
},
{
"name": "4226",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4226"
},
{
"name": "20080904 Atheros Vendor Specific Information Element Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"name": "atheros-as5416ac1e-associationrequest-dos(44921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5474",
"datePublished": "2008-09-05T16:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5474 (GCVE-0-2007-5474)
Vulnerability from nvd – Published: 2008-09-05 16:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31012"
},
{
"name": "4226",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4226"
},
{
"name": "20080904 Atheros Vendor Specific Information Element Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"name": "atheros-as5416ac1e-associationrequest-dos(44921)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31012"
},
{
"name": "4226",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4226"
},
{
"name": "20080904 Atheros Vendor Specific Information Element Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"name": "atheros-as5416ac1e-associationrequest-dos(44921)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31012"
},
{
"name": "4226",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4226"
},
{
"name": "20080904 Atheros Vendor Specific Information Element Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"name": "atheros-as5416ac1e-associationrequest-dos(44921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5474",
"datePublished": "2008-09-05T16:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}