Details of VAR-200709-0075

ID

VAR-200709-0075

CVE

CVE-2007-5036

TITLE

AirDefense Airsensor M520 Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2007-002670

DESCRIPTION

Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter.". (1) adLog.cgi (2) post.cgi (3) ad.cgi. The AirDefense M520 is prone to multiple remote denial-of-service vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. A successful attack will cause the device's HTTPD service to crash. Given the nature of these issues, remote code execution may also be possible, but this has not been confirmed. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: AirDefense Airsensor M520 HTTPS Request Handling Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA26869 VERIFY ADVISORY: http://secunia.com/advisories/26869/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: AirDefense Firmware 4.x http://secunia.com/product/15763/ DESCRIPTION: Alex Hernandez has reported some vulnerabilities in AirDefense Airsensor M520, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to unspecified errors in adLog.cgi, post.cgi, and ad.cgi and can be exploited to crash the HTTPS service via a specially crafted HTTPS request. The vulnerabilities are reported in AirDefense firmware versions 4.3.1.1 and 4.4.1.4, model M520. Other versions may also be affected. SOLUTION: Update to the latest firmware version. PROVIDED AND/OR DISCOVERED BY: Alex Hernandez, Sybsecurity ORIGINAL ADVISORY: http://www.sybsecurity.com/advisors/SYBSEC-ADV01-Airsensor_M520_HTTPD_Remote_Preauth_Denial_Of_Service_and_Buffer_Overflow_PoC ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2007-5036 // JVNDB: JVNDB-2007-002670 // BID: 25715 // VULHUB: VHN-28398 // VULMON: CVE-2007-5036 // PACKETSTORM: 59437

IOT TAXONOMY

category:

['industrial device']

sub_category:

military device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	airdefense	model:	airsensor	scope:	eq	version:	m520	Trust: 1.6
vendor:	airdefense	model:	airsensor	scope:	eq	version:	firmware 4.3.1.1 and 4.4.1.4 of m520	Trust: 0.8
vendor:	airdefense	model:	m520	scope:	eq	version:	0	Trust: 0.3

sources: BID: 25715 // JVNDB: JVNDB-2007-002670 // CNNVD: CNNVD-200709-338 // NVD: CVE-2007-5036

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5036
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5036
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200709-338
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28398
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2007-5036
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5036
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-28398
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28398 // VULMON: CVE-2007-5036 // JVNDB: JVNDB-2007-002670 // CNNVD: CNNVD-200709-338 // NVD: CVE-2007-5036

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-20	Trust: 1.9

sources: VULHUB: VHN-28398 // JVNDB: JVNDB-2007-002670 // NVD: CVE-2007-5036

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-338

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200709-338

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002670

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28398 // VULMON: CVE-2007-5036

PATCH

title:	Top Page	url:	http://www.airdefense.net/index.php	Trust: 0.8
title:	CVE-2007-5036	url:	https://github.com/alt3kx/CVE-2007-5036	Trust: 0.1
title:	alt3kx.github.io	url:	https://github.com/alt3kx/alt3kx.github.io	Trust: 0.1

sources: VULMON: CVE-2007-5036 // JVNDB: JVNDB-2007-002670

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5036	Trust: 3.0
db:	BID	id:	25715	Trust: 2.1
db:	SECUNIA	id:	26869	Trust: 1.9
db:	VUPEN	id:	ADV-2007-3226	Trust: 1.8
db:	EXPLOIT-DB	id:	4426	Trust: 1.8
db:	JVNDB	id:	JVNDB-2007-002670	Trust: 0.8
db:	XF	id:	36691	Trust: 0.6
db:	MILW0RM	id:	4426	Trust: 0.6
db:	CNNVD	id:	CNNVD-200709-338	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-28398	Trust: 0.1
db:	VULMON	id:	CVE-2007-5036	Trust: 0.1
db:	PACKETSTORM	id:	59437	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28398 // VULMON: CVE-2007-5036 // BID: 25715 // JVNDB: JVNDB-2007-002670 // PACKETSTORM: 59437 // CNNVD: CNNVD-200709-338 // NVD: CVE-2007-5036

REFERENCES

url:	http://www.securityfocus.com/bid/25715	Trust: 1.9
url:	http://www.sybsecurity.com/advisors/sybsec-adv01-airsensor_m520_httpd_remote_preauth_denial_of_service_and_buffer_overflow_poc	Trust: 1.9
url:	http://secunia.com/advisories/26869	Trust: 1.8
url:	https://www.exploit-db.com/exploits/4426	Trust: 1.2
url:	http://www.vupen.com/english/advisories/2007/3226	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36691	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5036	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5036	Trust: 0.8
url:	http://www.milw0rm.com/exploits/4426	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/36691	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/3226	Trust: 0.6
url:	http://www.airdefense.net	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/alt3kx/cve-2007-5036	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/4426/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/15763/	Trust: 0.1
url:	http://secunia.com/advisories/26869/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

Alex Hernandez is credited with the discovery of these issues.

Trust: 0.9

sources: BID: 25715 // CNNVD: CNNVD-200709-338

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-28398
db:	VULMON	id:	CVE-2007-5036
db:	BID	id:	25715
db:	JVNDB	id:	JVNDB-2007-002670
db:	PACKETSTORM	id:	59437
db:	CNNVD	id:	CNNVD-200709-338
db:	NVD	id:	CVE-2007-5036

LAST UPDATE DATE

2025-04-10T22:28:50.812000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28398	date:	2017-09-29T00:00:00
db:	VULMON	id:	CVE-2007-5036	date:	2017-09-29T00:00:00
db:	BID	id:	25715	date:	2015-05-07T17:35:00
db:	JVNDB	id:	JVNDB-2007-002670	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200709-338	date:	2007-09-26T00:00:00
db:	NVD	id:	CVE-2007-5036	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28398	date:	2007-09-24T00:00:00
db:	VULMON	id:	CVE-2007-5036	date:	2007-09-24T00:00:00
db:	BID	id:	25715	date:	2007-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2007-002670	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	59437	date:	2007-09-20T08:11:10
db:	CNNVD	id:	CNNVD-200709-338	date:	2007-09-23T00:00:00
db:	NVD	id:	CVE-2007-5036	date:	2007-09-24T00:17:00