Details of VAR-200809-0452

ID

VAR-200809-0452

CVE

CVE-2007-5474

TITLE

Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi Denial of service operation in access point driver (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-002531

DESCRIPTION

The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. Atheros AR5416-AC1E On chipset Linksys WRT350N Wi-Fi The access point driver is responsible for the association request. Atheros Communications AR5416-AC1E is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to crash the affected device that uses the chipset, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Atheros AR5416-AC1E included in Linksys WRT35ON wireless router running firmware 2.00.17 is vulnerable; other devices running different firmware may also be affected. Linksys WRT350N is a popular wireless broadband router. Cause a denial of service or execute arbitrary commands. This information element is used by wireless devices to advertise Atheros specific capabilities. This can be achieved only after a successful 802.11 authentication (in "Open" or "Shared" mode according to the configuration of the wireless access point). This security vulnerability was reported to Linksys, updated firmwares should be available on their web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable. Credits: -------- * This vulnerability was discovered by Laurent Butti and Julien Tinnes from France Telecom / Orange

Trust: 2.16

sources: NVD: CVE-2007-5474 // JVNDB: JVNDB-2008-002531 // BID: 31012 // VULHUB: VHN-28836 // VULMON: CVE-2007-5474 // PACKETSTORM: 69634

IOT TAXONOMY

category:

['network device']

sub_category:

Wi-Fi access point

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	atheros	model:	ar5416-ac1e chipset	scope:	-	version:	-	Trust: 1.4
vendor:	atheros	model:	ar5416-ac1e chipset	scope:	eq	version:	*	Trust: 1.1
vendor:	linksys	model:	wrt350n	scope:	eq	version:	2.00.17	Trust: 1.1
vendor:	cisco linksys	model:	wrt350n	scope:	eq	version:	firmware 2.00.17	Trust: 0.8
vendor:	linksys	model:	wrt350n	scope:	eq	version:	2.0.17	Trust: 0.3
vendor:	atheros	model:	communications ar5416-ac1e	scope:	eq	version:	0	Trust: 0.3

sources: VULMON: CVE-2007-5474 // BID: 31012 // JVNDB: JVNDB-2008-002531 // CNNVD: CNNVD-200809-083 // NVD: CVE-2007-5474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5474
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5474
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200809-083
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28836
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2007-5474
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5474
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-28836
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28836 // VULMON: CVE-2007-5474 // JVNDB: JVNDB-2008-002531 // CNNVD: CNNVD-200809-083 // NVD: CVE-2007-5474

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-28836 // JVNDB: JVNDB-2008-002531 // NVD: CVE-2007-5474

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-083

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200809-083

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002531

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28836

PATCH

title:	Top Page	url:	http://www.atheros.com/	Trust: 0.8
title:	Top Page	url:	http://home.cisco.com/en-apac/home	Trust: 0.8
title:	wifuzzit	url:	https://github.com/0xd012/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/flowerhack/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/84KaliPleXon3/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/PleXone2019/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/wi-fi-analyzer/wifuzzit	Trust: 0.1

sources: VULMON: CVE-2007-5474 // JVNDB: JVNDB-2008-002531

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5474	Trust: 3.1
db:	BID	id:	31012	Trust: 2.1
db:	SREASON	id:	4226	Trust: 1.8
db:	JVNDB	id:	JVNDB-2008-002531	Trust: 0.8
db:	XF	id:	5416	Trust: 0.6
db:	XF	id:	44921	Trust: 0.6
db:	BUGTRAQ	id:	20080904 ATHEROS VENDOR SPECIFIC INFORMATION ELEMENT OVERFLOW	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-083	Trust: 0.6
db:	PACKETSTORM	id:	69634	Trust: 0.2
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-28836	Trust: 0.1
db:	VULMON	id:	CVE-2007-5474	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28836 // VULMON: CVE-2007-5474 // BID: 31012 // JVNDB: JVNDB-2008-002531 // PACKETSTORM: 69634 // CNNVD: CNNVD-200809-083 // NVD: CVE-2007-5474

REFERENCES

url:	http://www.securityfocus.com/bid/31012	Trust: 1.9
url:	http://securityreason.com/securityalert/4226	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/495984/100/0/threaded	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44921	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5474	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5474	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/44921	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/495984/100/0/threaded	Trust: 0.6
url:	http://www.atheros.com/	Trust: 0.3
url:	http://www.linksys.com/	Trust: 0.3
url:	/archive/1/495984	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/0xd012/wifuzzit	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5474	Trust: 0.1

CREDITS

Laurent Butti※ laurent.butti@orange-ftgroup.com

Trust: 0.6

sources: CNNVD: CNNVD-200809-083

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-28836
db:	VULMON	id:	CVE-2007-5474
db:	BID	id:	31012
db:	JVNDB	id:	JVNDB-2008-002531
db:	PACKETSTORM	id:	69634
db:	CNNVD	id:	CNNVD-200809-083
db:	NVD	id:	CVE-2007-5474

LAST UPDATE DATE

2025-04-10T22:41:57.933000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28836	date:	2018-10-15T00:00:00
db:	VULMON	id:	CVE-2007-5474	date:	2018-10-15T00:00:00
db:	BID	id:	31012	date:	2008-09-04T19:14:00
db:	JVNDB	id:	JVNDB-2008-002531	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200809-083	date:	2009-01-29T00:00:00
db:	NVD	id:	CVE-2007-5474	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28836	date:	2008-09-05T00:00:00
db:	VULMON	id:	CVE-2007-5474	date:	2008-09-05T00:00:00
db:	BID	id:	31012	date:	2008-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2008-002531	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	69634	date:	2008-09-04T18:10:05
db:	CNNVD	id:	CNNVD-200809-083	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2007-5474	date:	2008-09-05T16:08:00