cvelistv5 - cve-2009-0052

CVE-2009-0052 (GCVE-0-2009-0052)

Vulnerability from cvelistv5 – Published: 2009-11-12 23:00 – Updated: 2024-08-07 04:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/36991	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/507777/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2009/3212	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/37344	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/59880	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36991",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36991"
          },
          {
            "name": "20091110 Atheros Driver Reserved Frame Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
          },
          {
            "name": "ADV-2009-3212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3212"
          },
          {
            "name": "37344",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37344"
          },
          {
            "name": "59880",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/59880"
          },
          {
            "name": "netgear-wndap330-frame-dos(54216)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36991",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36991"
        },
        {
          "name": "20091110 Atheros Driver Reserved Frame Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
        },
        {
          "name": "ADV-2009-3212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3212"
        },
        {
          "name": "37344",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37344"
        },
        {
          "name": "59880",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/59880"
        },
        {
          "name": "netgear-wndap330-frame-dos(54216)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0052",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36991",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36991"
            },
            {
              "name": "20091110 Atheros Driver Reserved Frame Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
            },
            {
              "name": "ADV-2009-3212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3212"
            },
            {
              "name": "37344",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37344"
            },
            {
              "name": "59880",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/59880"
            },
            {
              "name": "netgear-wndap330-frame-dos(54216)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0052",
    "datePublished": "2009-11-12T23:00:00",
    "dateReserved": "2009-01-07T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netgear:wndap330_firmware:2.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3343171-6991-47F6-8BC0-B0CFBFE595C6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:atheros:ar9160-bc1a_chipset:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13D645AD-22A4-4DC6-BC81-1A06E8C61DCB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netgear:wndap330:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93A730EC-5444-4AFF-8173-061CBFFF4368\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.\"}, {\"lang\": \"es\", \"value\": \"El driver inal\\u00e1mbrico Atheros, tal como es usado en el punto de acceso Wi-Fi Netgear WNDAP330 con firmware 2.1.11 y otras versiones anteriores a la 3.0.3 en el chipset Atheros AR9160-BC1A, y otros productos, permite a usuarios remotos autenticados provocar una denagaci\\u00f3n de servicio (reinicio del dispositivo o cuelgue) y posiblemente ejecutar c\\u00f3digo de su elecci\\u00f3n mediante una trama reservada de gesti\\u00f3n truncada.\"}]",
      "id": "CVE-2009-0052",
      "lastModified": "2024-11-21T00:58:57.357",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:S/C:N/I:N/A:C\", \"baseScore\": 5.5, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 5.1, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-11-12T23:30:00.577",
      "references": "[{\"url\": \"http://secunia.com/advisories/37344\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/59880\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/507777/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/36991\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3212\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54216\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/37344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/59880\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/507777/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/36991\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0052\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-11-12T23:30:00.577\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.\"},{\"lang\":\"es\",\"value\":\"El driver inal\u00e1mbrico Atheros, tal como es usado en el punto de acceso Wi-Fi Netgear WNDAP330 con firmware 2.1.11 y otras versiones anteriores a la 3.0.3 en el chipset Atheros AR9160-BC1A, y otros productos, permite a usuarios remotos autenticados provocar una denagaci\u00f3n de servicio (reinicio del dispositivo o cuelgue) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una trama reservada de gesti\u00f3n truncada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:N/I:N/A:C\",\"baseScore\":5.5,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.1,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgear:wndap330_firmware:2.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3343171-6991-47F6-8BC0-B0CFBFE595C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:atheros:ar9160-bc1a_chipset:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D645AD-22A4-4DC6-BC81-1A06E8C61DCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:wndap330:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A730EC-5444-4AFF-8173-061CBFFF4368\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/37344\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/59880\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/507777/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/36991\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3212\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54216\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/59880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/507777/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-499

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permet de provoquer un déni de service à distance sur les Netgear WNDAP330.

Description

Une erreur de traitement dans le logiciel embarqué permet de redémarrer ou d'immobiliser le système.

Solution

Appliquer la mise à jour du logiciel embarqué.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Versions du logiciel embarqué antérieures à 3.0.3.

References

Title

Publication Time

Tags

CVE-2009-0052	None	vendor-advisory
Version 3.0.3 du logiciel embarqué : .	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions du logiciel embarqu\u00e9 ant\u00e9rieures \u00e0 3.0.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur de traitement dans le logiciel embarqu\u00e9 permet de red\u00e9marrer\nou d\u0027immobiliser le syst\u00e8me.\n\n## Solution\n\nAppliquer la mise \u00e0 jour du logiciel embarqu\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2009-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0052"
    }
  ],
  "links": [
    {
      "title": "Version 3.0.3 du logiciel embarqu\u00e9 :      \n.",
      "url": "http://kb.netgear.com/app/answers/detail/a_id/12199"
    }
  ],
  "reference": "CERTA-2009-AVI-499",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permet de provoquer un d\u00e9ni de service \u00e0 distance sur\nles Netgear WNDAP330.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Netgear WNDAP330",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "CVE-2009-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0052"
    }
  ]
}

CERTA-2009-AVI-499

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permet de provoquer un déni de service à distance sur les Netgear WNDAP330.

Description

Une erreur de traitement dans le logiciel embarqué permet de redémarrer ou d'immobiliser le système.

Solution

Appliquer la mise à jour du logiciel embarqué.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Versions du logiciel embarqué antérieures à 3.0.3.

References

Title

Publication Time

Tags

CVE-2009-0052	None	vendor-advisory
Version 3.0.3 du logiciel embarqué : .	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions du logiciel embarqu\u00e9 ant\u00e9rieures \u00e0 3.0.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur de traitement dans le logiciel embarqu\u00e9 permet de red\u00e9marrer\nou d\u0027immobiliser le syst\u00e8me.\n\n## Solution\n\nAppliquer la mise \u00e0 jour du logiciel embarqu\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2009-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0052"
    }
  ],
  "links": [
    {
      "title": "Version 3.0.3 du logiciel embarqu\u00e9 :      \n.",
      "url": "http://kb.netgear.com/app/answers/detail/a_id/12199"
    }
  ],
  "reference": "CERTA-2009-AVI-499",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permet de provoquer un d\u00e9ni de service \u00e0 distance sur\nles Netgear WNDAP330.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Netgear WNDAP330",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "CVE-2009-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0052"
    }
  ]
}

FKIE_CVE-2009-0052

Vulnerability from fkie_nvd - Published: 2009-11-12 23:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/37344	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/59880
cve@mitre.org	http://www.securityfocus.com/archive/1/507777/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/36991
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3212	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/54216
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37344	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/59880
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507777/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36991
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3212	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54216

Impacted products

Vendor	Product	Version
netgear	wndap330_firmware	2.1.11
atheros	ar9160-bc1a_chipset	*
netgear	wndap330	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netgear:wndap330_firmware:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3343171-6991-47F6-8BC0-B0CFBFE595C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:atheros:ar9160-bc1a_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D645AD-22A4-4DC6-BC81-1A06E8C61DCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netgear:wndap330:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A730EC-5444-4AFF-8173-061CBFFF4368",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."
    },
    {
      "lang": "es",
      "value": "El driver inal\u00e1mbrico Atheros, tal como es usado en el punto de acceso Wi-Fi Netgear WNDAP330 con firmware 2.1.11 y otras versiones anteriores a la 3.0.3 en el chipset Atheros AR9160-BC1A, y otros productos, permite a usuarios remotos autenticados provocar una denagaci\u00f3n de servicio (reinicio del dispositivo o cuelgue) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una trama reservada de gesti\u00f3n truncada."
    }
  ],
  "id": "CVE-2009-0052",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-12T23:30:00.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37344"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/59880"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36991"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3212"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/59880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6JVR-QGRQ-69G3

Vulnerability from github – Published: 2022-05-02 03:12 – Updated: 2022-05-02 03:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0052"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-12T23:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.",
  "id": "GHSA-6jvr-qgrq-69g3",
  "modified": "2022-05-02T03:12:36Z",
  "published": "2022-05-02T03:12:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0052"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37344"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/59880"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36991"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-0052

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0052

Aliases

CVE-2009-0052

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0052",
    "description": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.",
    "id": "GSD-2009-0052"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0052"
      ],
      "details": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.",
      "id": "GSD-2009-0052",
      "modified": "2023-12-13T01:19:44.126664Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0052",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "36991",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36991"
          },
          {
            "name": "20091110 Atheros Driver Reserved Frame Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
          },
          {
            "name": "ADV-2009-3212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3212"
          },
          {
            "name": "37344",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37344"
          },
          {
            "name": "59880",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/59880"
          },
          {
            "name": "netgear-wndap330-frame-dos(54216)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netgear:wndap330_firmware:2.1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:wndap330:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:atheros:ar9160-bc1a_chipset:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0052"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59880",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/59880"
            },
            {
              "name": "36991",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36991"
            },
            {
              "name": "ADV-2009-3212",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3212"
            },
            {
              "name": "37344",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37344"
            },
            {
              "name": "netgear-wndap330-frame-dos(54216)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
            },
            {
              "name": "20091110 Atheros Driver Reserved Frame Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:59Z",
      "publishedDate": "2009-11-12T23:30Z"
    }
  }
}

VAR-200911-0002

Vulnerability from variot - Updated: 2023-12-18 13:35

The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. NETGEAR WNDAP330 is prone to a denial-of-service vulnerability because it fails to properly parse malformed reserved management frames. Successful exploits will cause the affected device to crash or reboot, denying service to legitimate users. WNDAP330 with firmware 2.1.11 is vulnerable.

Assigned CVE:

CVE-2009-0052

Details:

The bug can be triggered by a malicious reserved management frame sent to the wireless access point (truncated packet). This can be achieved only after a successful 802.11 authentication (in "Open" mode according to the configuration of the wireless access point) and a successful 802.11 association with appropriate security parameters (e.g. WPA w/ TKIP unicast, TKIP multicast) which depends on the configuration of the wireless access point. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable.

Credits:

This vulnerability was discovered by Laurent Butti from France Telecom / Orange . ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Netgear WNDAP330 Management Frame Denial of Service

SECUNIA ADVISORY ID: SA37344

VERIFY ADVISORY: http://secunia.com/advisories/37344/

DESCRIPTION: A vulnerability has been reported in Netgear WNDAP330, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the parsing of management frames, which can be exploited to reboot or hang an affected device.

The vulnerability is reported in firmware version 2.1.11. Other versions may also be affected.

SOLUTION: Update to version 3.0.3. http://kb.netgear.com/app/answers/detail/a_id/12199

PROVIDED AND/OR DISCOVERED BY: Laurent Butti from France Telecom / Orange

ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/current/0070.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0002",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wndap330",
        "scope": "eq",
        "trust": 2.0,
        "vendor": "netgear",
        "version": "2.1.11"
      },
      {
        "model": "ar9160-bc1a chipset",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "atheros",
        "version": "*"
      },
      {
        "model": "ar9160-bc1a chipset",
        "scope": null,
        "trust": 0.8,
        "vendor": "atheros",
        "version": null
      },
      {
        "model": "wndap330",
        "scope": null,
        "trust": 0.8,
        "vendor": "net gear",
        "version": null
      },
      {
        "model": "wndap330",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "2.1.11 and  3.0.3 other"
      },
      {
        "model": "wndap330",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "netgear",
        "version": "3.0.3"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "db": "BID",
        "id": "36991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netgear:wndap330_firmware:2.1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:wndap330:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:atheros:ar9160-bc1a_chipset:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Laurent Butti",
    "sources": [
      {
        "db": "BID",
        "id": "36991"
      },
      {
        "db": "PACKETSTORM",
        "id": "82665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2009-0052",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.1,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 5.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-0052",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.1,
            "id": "VHN-37498",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0052",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200911-144",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-37498",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2009-0052",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37498"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. NETGEAR WNDAP330 is prone to a denial-of-service vulnerability because it fails to properly parse malformed reserved management frames. \nSuccessful exploits will cause the affected device to crash or reboot, denying service to legitimate users. \nWNDAP330 with firmware 2.1.11 is vulnerable. \n\nAssigned CVE:\n-------------\n* CVE-2009-0052\n\nDetails:\n--------\n* The bug can be triggered by a malicious reserved management frame sent\nto the wireless access point (truncated packet). This can be achieved\nonly after a successful 802.11 authentication (in \"Open\" mode according\nto the configuration of the wireless access point) and a successful\n802.11 association with appropriate security parameters (e.g. WPA w/\nTKIP unicast, TKIP multicast) which depends on the configuration of the\nwireless access point. Any other wireless device relying\non this vulnerable wireless driver is likely to be vulnerable. \n\nCredits:\n--------\n* This vulnerability was discovered by Laurent Butti from France Telecom\n/ Orange\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nNetgear WNDAP330 Management Frame Denial of Service\n\nSECUNIA ADVISORY ID:\nSA37344\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37344/\n\nDESCRIPTION:\nA vulnerability has been reported in Netgear WNDAP330, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an unspecified error in the\nparsing of management frames, which can be exploited to reboot or\nhang an affected device. \n\nThe vulnerability is reported in firmware version 2.1.11. Other\nversions may also be affected. \n\nSOLUTION:\nUpdate to version 3.0.3. \nhttp://kb.netgear.com/app/answers/detail/a_id/12199\n\nPROVIDED AND/OR DISCOVERED BY:\nLaurent Butti from France Telecom / Orange\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/bugtraq/current/0070.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "db": "BID",
        "id": "36991"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37498"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "db": "PACKETSTORM",
        "id": "82665"
      },
      {
        "db": "PACKETSTORM",
        "id": "82583"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-37498",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37498"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0052",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "36991",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "37344",
        "trust": 1.9
      },
      {
        "db": "OSVDB",
        "id": "59880",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3212",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20091110 ATHEROS DRIVER RESERVED FRAME VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "54216",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "330",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "82665",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-37498",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2009/3212",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-0052",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82583",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37498"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "db": "BID",
        "id": "36991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "db": "PACKETSTORM",
        "id": "82665"
      },
      {
        "db": "PACKETSTORM",
        "id": "82583"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ]
  },
  "id": "VAR-200911-0002",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37498"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:35:27.772000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.atheros.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.netgear.com/"
      },
      {
        "title": "wifuzzit",
        "trust": 0.1,
        "url": "https://github.com/0xd012/wifuzzit "
      },
      {
        "title": "wifuzzit",
        "trust": 0.1,
        "url": "https://github.com/flowerhack/wifuzzit "
      },
      {
        "title": "wifuzzit",
        "trust": 0.1,
        "url": "https://github.com/84kaliplexon3/wifuzzit "
      },
      {
        "title": "wifuzzit",
        "trust": 0.1,
        "url": "https://github.com/plexone2019/wifuzzit "
      },
      {
        "title": "wifuzzit",
        "trust": 0.1,
        "url": "https://github.com/wi-fi-analyzer/wifuzzit "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/36991"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/59880"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/37344"
      },
      {
        "trust": 1.8,
        "url": "http://www.vupen.com/english/advisories/2009/3212"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0052"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0052"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/54216"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/507777/100/0/threaded"
      },
      {
        "trust": 0.4,
        "url": "http://archives.neohapsis.com/archives/bugtraq/current/0070.html"
      },
      {
        "trust": 0.4,
        "url": "http://kb.netgear.com/app/answers/detail/a_id/12199"
      },
      {
        "trust": 0.3,
        "url": "http://www.netgear.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/507777"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/0xd012/wifuzzit"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0052"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37344/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37498"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "db": "BID",
        "id": "36991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "db": "PACKETSTORM",
        "id": "82665"
      },
      {
        "db": "PACKETSTORM",
        "id": "82583"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-37498"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "db": "BID",
        "id": "36991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "db": "PACKETSTORM",
        "id": "82665"
      },
      {
        "db": "PACKETSTORM",
        "id": "82583"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-11-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37498"
      },
      {
        "date": "2009-11-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "date": "2009-11-11T00:00:00",
        "db": "BID",
        "id": "36991"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "date": "2009-11-17T01:44:34",
        "db": "PACKETSTORM",
        "id": "82665"
      },
      {
        "date": "2009-11-16T09:28:42",
        "db": "PACKETSTORM",
        "id": "82583"
      },
      {
        "date": "2009-11-12T23:30:00.577000",
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "date": "2009-11-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37498"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-0052"
      },
      {
        "date": "2010-07-21T19:16:00",
        "db": "BID",
        "id": "36991"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      },
      {
        "date": "2018-10-11T20:59:49.343000",
        "db": "NVD",
        "id": "CVE-2009-0052"
      },
      {
        "date": "2009-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Atheros AR9160-BC1A On chipset  Netgear WNDAP330 Wi-Fi Used by access points  Atheros Service disruption in wireless drivers  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-003170"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-144"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0052 (GCVE-0-2009-0052)

CERTA-2009-AVI-499

Description

Solution

CERTA-2009-AVI-499

Description

Solution

FKIE_CVE-2009-0052

GHSA-6JVR-QGRQ-69G3

GSD-2009-0052

VAR-200911-0002

Assigned CVE:

Details:

Credits:

Tags

Sightings

Nomenclature