VAR-200809-0452
Vulnerability from variot - Updated: 2023-12-18 13:04The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi The access point driver is responsible for the association request. Atheros Communications AR5416-AC1E is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to crash the affected device that uses the chipset, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Atheros AR5416-AC1E included in Linksys WRT35ON wireless router running firmware 2.00.17 is vulnerable; other devices running different firmware may also be affected. Linksys WRT350N is a popular wireless broadband router. Cause a denial of service or execute arbitrary commands. This information element is used by wireless devices to advertise Atheros specific capabilities. This can be achieved only after a successful 802.11 authentication (in "Open" or "Shared" mode according to the configuration of the wireless access point). This security vulnerability was reported to Linksys, updated firmwares should be available on their web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable.
Credits:
- This vulnerability was discovered by Laurent Butti and Julien Tinnes from France Telecom / Orange
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ar5416-ac1e chipset",
"scope": null,
"trust": 1.4,
"vendor": "atheros",
"version": null
},
{
"model": "ar5416-ac1e chipset",
"scope": "eq",
"trust": 1.1,
"vendor": "atheros",
"version": "*"
},
{
"model": "wrt350n",
"scope": "eq",
"trust": 1.1,
"vendor": "linksys",
"version": "2.00.17"
},
{
"model": "wrt350n",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "firmware 2.00.17"
},
{
"model": "wrt350n",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.0.17"
},
{
"model": "communications ar5416-ac1e",
"scope": "eq",
"trust": 0.3,
"vendor": "atheros",
"version": "0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:atheros:ar5416-ac1e_chipset:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt350n:2.00.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5474"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laurent Butti\u203b laurent.butti@orange-ftgroup.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5474",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-5474",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-28836",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5474",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-083",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28836",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-5474",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi The access point driver is responsible for the association request. Atheros Communications AR5416-AC1E is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to crash the affected device that uses the chipset, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. \nAtheros AR5416-AC1E included in Linksys WRT35ON wireless router running firmware 2.00.17 is vulnerable; other devices running different firmware may also be affected. Linksys WRT350N is a popular wireless broadband router. Cause a denial of service or execute arbitrary commands. This\ninformation element is used by wireless devices to advertise Atheros\nspecific capabilities. This can be achieved only after a successful 802.11\nauthentication (in \"Open\" or \"Shared\" mode according to the\nconfiguration of the wireless access point). \nThis security vulnerability was reported to Linksys, updated firmwares\nshould be available on their web site. Any other wireless device relying\non this vulnerable wireless driver is likely to be vulnerable. \n\nCredits:\n--------\n* This vulnerability was discovered by Laurent Butti and Julien Tinnes\nfrom France Telecom / Orange\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "PACKETSTORM",
"id": "69634"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-28836",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5474",
"trust": 3.0
},
{
"db": "BID",
"id": "31012",
"trust": 2.1
},
{
"db": "SREASON",
"id": "4226",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531",
"trust": 0.8
},
{
"db": "XF",
"id": "5416",
"trust": 0.6
},
{
"db": "XF",
"id": "44921",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080904 ATHEROS VENDOR SPECIFIC INFORMATION ELEMENT OVERFLOW",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "69634",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-28836",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-5474",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "PACKETSTORM",
"id": "69634"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"id": "VAR-200809-0452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:04:46.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.atheros.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/flowerhack/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/84kaliplexon3/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/plexone2019/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/wi-fi-analyzer/wifuzzit "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/31012"
},
{
"trust": 1.8,
"url": "http://securityreason.com/securityalert/4226"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/495984/100/0/threaded"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44921"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5474"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5474"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44921"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495984/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.atheros.com/"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "/archive/1/495984"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5474"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "PACKETSTORM",
"id": "69634"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28836"
},
{
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"db": "BID",
"id": "31012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"db": "PACKETSTORM",
"id": "69634"
},
{
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-28836"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"date": "2008-09-04T00:00:00",
"db": "BID",
"id": "31012"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"date": "2008-09-04T18:10:05",
"db": "PACKETSTORM",
"id": "69634"
},
{
"date": "2008-09-05T16:08:00",
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28836"
},
{
"date": "2018-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2007-5474"
},
{
"date": "2008-09-04T19:14:00",
"db": "BID",
"id": "31012"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002531"
},
{
"date": "2018-10-15T21:45:12.157000",
"db": "NVD",
"id": "CVE-2007-5474"
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi Denial of service operation in access point driver (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-083"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…