Details of VAR-200809-0004

ID

VAR-200809-0004

CVE

CVE-2008-1197

TITLE

Netgear WN802T Wi-Fi Access point Marvell Service disruption in drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-004191

DESCRIPTION

The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID.". The NETGEAR WN802T wireless access point is prone to a denial-of-service vulnerability because it fails to adequately verify user-supplied input. Attackers can exploit this issue to hang or reboot the device, denying service to legitimate users. The NETGEAR WN802T wireless access point running firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset is vulnerable. Other devices running this Marvell chipset may also be affected. Most information elements are used by the wireless access point and clients to advertise their capabilities (regarding rates, network name, cryptographic capabilities...). More precisely, the SSID is used by the access point to validate that the wireless client intends to connect to the appropriate SSID. Assigned CVE: ------------- * CVE-2008-1197 Details: -------- * The bug can be triggered by a malicious association request to the wireless access point with a Null SSID. This can be achieved only after a successful 802.11 authentication (in "Open" or "Shared" mode according to the configuration of the wireless access point). This security vulnerability was reported to Netgear, updated firmwares should be available on their web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable. Credits: -------- * This vulnerability was discovered by Laurent Butti and Julien Tinnes from France Telecom / Orange . 1) An error exists in the processing of SSID information included in association requests. This can be exploited to reboot or hang-up the device by sending a specially crafted association request. 2) An error in the processing of EAPoL-Key packets can be exploited to reboot or hang-up a device by sending a specially crafted EAPoL-Key packet containing an overly large "length" value. The vulnerabilities are reported in firmware version 1.3.16. Other versions may also be affected. SOLUTION: Use the device only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Laurent Butti and Julien Tinnes, France Telecom / Orange ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2008-09/0048.html http://archives.neohapsis.com/archives/bugtraq/2008-09/0049.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.25

sources: NVD: CVE-2008-1197 // JVNDB: JVNDB-2008-004191 // BID: 30976 // VULHUB: VHN-31322 // VULMON: CVE-2008-1197 // PACKETSTORM: 69627 // PACKETSTORM: 69658

IOT TAXONOMY

category:

['network device']

sub_category:

Wi-Fi access point

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	netgear	model:	wn802t	scope:	eq	version:	1.3.16	Trust: 2.0
vendor:	marvell	model:	88w8361w-bem1	scope:	-	version:	-	Trust: 1.4
vendor:	marvell	model:	88w8361w-bem1	scope:	eq	version:	*	Trust: 1.1
vendor:	net gear	model:	wn802t	scope:	eq	version:	1.3.16	Trust: 0.8
vendor:	marvell	model:	semiconductor 88w8361p-bem1 chipset	scope:	eq	version:	0	Trust: 0.3

sources: VULMON: CVE-2008-1197 // BID: 30976 // JVNDB: JVNDB-2008-004191 // CNNVD: CNNVD-200809-085 // NVD: CVE-2008-1197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-1197
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-1197
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200809-085
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-31322
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2008-1197
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-1197
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-31322
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-31322 // VULMON: CVE-2008-1197 // JVNDB: JVNDB-2008-004191 // CNNVD: CNNVD-200809-085 // NVD: CVE-2008-1197

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-31322 // JVNDB: JVNDB-2008-004191 // NVD: CVE-2008-1197

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-085

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200809-085

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-004191

PATCH

title:	Top Page	url:	http://www.marvell.com/	Trust: 0.8
title:	Top Page	url:	http://www.netgear.com/home/	Trust: 0.8
title:	wifuzzit	url:	https://github.com/0xd012/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/flowerhack/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/84KaliPleXon3/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/PleXone2019/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/wi-fi-analyzer/wifuzzit	Trust: 0.1

sources: VULMON: CVE-2008-1197 // JVNDB: JVNDB-2008-004191

EXTERNAL IDS

db:	NVD	id:	CVE-2008-1197	Trust: 3.1
db:	BID	id:	30976	Trust: 2.1
db:	SECUNIA	id:	31770	Trust: 1.9
db:	SREASON	id:	4215	Trust: 1.8
db:	JVNDB	id:	JVNDB-2008-004191	Trust: 0.8
db:	BUGTRAQ	id:	20080904 MARVELL DRIVER NULL SSID ASSOCIATION REQUEST VULNERABILITY	Trust: 0.6
db:	XF	id:	802	Trust: 0.6
db:	XF	id:	44918	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-085	Trust: 0.6
db:	PACKETSTORM	id:	69627	Trust: 0.2
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-31322	Trust: 0.1
db:	VULMON	id:	CVE-2008-1197	Trust: 0.1
db:	PACKETSTORM	id:	69658	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-31322 // VULMON: CVE-2008-1197 // BID: 30976 // JVNDB: JVNDB-2008-004191 // PACKETSTORM: 69627 // PACKETSTORM: 69658 // CNNVD: CNNVD-200809-085 // NVD: CVE-2008-1197

REFERENCES

url:	http://www.securityfocus.com/bid/30976	Trust: 1.9
url:	http://secunia.com/advisories/31770	Trust: 1.8
url:	http://securityreason.com/securityalert/4215	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/495983/100/0/threaded	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44918	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1197	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1197	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/44918	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/495983/100/0/threaded	Trust: 0.6
url:	http://www.marvell.com/	Trust: 0.3
url:	http://www.netgear.com	Trust: 0.3
url:	http://kbserver.netgear.com/products/wn802t.asp	Trust: 0.3
url:	/archive/1/495983	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/0xd012/wifuzzit	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-1197	Trust: 0.1
url:	http://archives.neohapsis.com/archives/bugtraq/2008-09/0049.html	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/19749/	Trust: 0.1
url:	http://archives.neohapsis.com/archives/bugtraq/2008-09/0048.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/corporate/jobs/open_positions/	Trust: 0.1
url:	http://secunia.com/advisories/31770/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Laurent Butti※ laurent.butti@orange-ftgroup.com

Trust: 0.6

sources: CNNVD: CNNVD-200809-085

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-31322
db:	VULMON	id:	CVE-2008-1197
db:	BID	id:	30976
db:	JVNDB	id:	JVNDB-2008-004191
db:	PACKETSTORM	id:	69627
db:	PACKETSTORM	id:	69658
db:	CNNVD	id:	CNNVD-200809-085
db:	NVD	id:	CVE-2008-1197

LAST UPDATE DATE

2025-04-10T20:50:30.248000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-31322	date:	2018-10-11T00:00:00
db:	VULMON	id:	CVE-2008-1197	date:	2018-10-11T00:00:00
db:	BID	id:	30976	date:	2008-09-04T19:24:00
db:	JVNDB	id:	JVNDB-2008-004191	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200809-085	date:	2009-01-29T00:00:00
db:	NVD	id:	CVE-2008-1197	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-31322	date:	2008-09-05T00:00:00
db:	VULMON	id:	CVE-2008-1197	date:	2008-09-05T00:00:00
db:	BID	id:	30976	date:	2008-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2008-004191	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	69627	date:	2008-09-04T17:18:39
db:	PACKETSTORM	id:	69658	date:	2008-09-05T15:36:36
db:	CNNVD	id:	CNNVD-200809-085	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-1197	date:	2008-09-05T16:08:00