ID

VAR-200810-0303


CVE

CVE-2008-4441


TITLE

Denial-of-Service (DoS) Vulnerability in the Linksys WAP4400N Wi-Fi Access Point

Trust: 0.8

sources: JVNDB: JVNDB-2008-004926

DESCRIPTION

The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.

Linksys WAP4400N wireless access point devices are prone to a denial-of-service vulnerability because they fail to adequately verify user-supplied input. Remote attackers can exploit this issue to hang or reboot a vulnerable device, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed. Linksys WAP4400N devices running firmware 1.2.14 are vulnerable. NOTE: Since the flaw is in the Marvell 88W8361P-BEM1 chipset driver, other devices and firmware versions using the same code may also be affected.

Linksys WAP4400N is a small wireless router.

Assigned CVE:
-------------
* CVE-2008-4441

Details:
--------
* The bug can be triggered thanks to a malformed association request which is typically too short (truncated). Any association request sent in the air by the attacker will be parsed by the access point wireless driver and thus may trigger some implementation bugs.

Attack Impact:
--------------
* Denial-of-service (reboot or hang-up) and possibly remote arbitrary code execution

Attack Vector:
--------------
* Unauthenticated wireless device

Timeline:
---------
* 2008-05-26 - Vulnerability reported to Linksys
* 2008-05-26 - Full details sent to Linksys
* 2008-10-13 - Public disclosure

Affected Products:
------------------
* Linksys WAP4400N (firmware v1.2.14) with MARVELL 88W8361P-BEM1 chipset

Vulnerable Devices:
-------------------
* As it is a wireless driver specific issue, the wireless vendor should use the latest chipset wireless driver for their access point firmwares. This security vulnerability was reported to Linksys, updated firmwares (such as the 1.2.17 firmware) should be available on their web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable.

----------------------------------------------------------------------

TITLE: Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability

SECUNIA ADVISORY ID: SA32259

VERIFY ADVISORY: http://secunia.com/advisories/32259/

CRITICAL: Moderately critical

IMPACT: Unknown, DoS

WHERE: From remote

OPERATING SYSTEM: Linksys WAP4400N http://secunia.com/advisories/product/20144/

DESCRIPTION: Some vulnerabilities have been reported in Linksys WAP4400N, where one has unknown impacts and the other can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error within the processing of association requests can be exploited to reboot or hang-up the device by sending a specially crafted association request. Successful exploitation requires that the access point runs in WEP mode.

2) An unspecified vulnerability exists within SNMPv3. No more information is currently available.

SOLUTION: Update to firmware version 1.2.17. http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1152745215776&pagename=Linksys%2FCommon%2FVisitorWrapper

PROVIDED AND/OR DISCOVERED BY:
1) Laurent Butti and Julien Tinnes, France Telecom / Orange
2) Reported by the vendor.

ORIGINAL ADVISORY: http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1152745215776&pagename=Linksys%2FCommon%2FVisitorWrapper

Trust: 2.25

sources: NVD: CVE-2008-4441 // JVNDB: JVNDB-2008-004926 // BID: 31742 // VULHUB: VHN-34566 // VULMON: CVE-2008-4441 // PACKETSTORM: 70876 // PACKETSTORM: 70926

IOT TAXONOMY

category: ['network device'], sub_category: Wi-Fi access point

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: linksys, model: wap400n, scope: eq, version: 1.2.14

Trust: 1.7

vendor: cisco linksys, model: wap400n, scope: eq, version: 1.2.14

Trust: 0.8

vendor: marvell, model: semiconductor 88w8361p-bem1 chipset, scope: eq, version: 0

Trust: 0.3

vendor: linksys, model: wap4400n, scope: eq, version: 1.2.14

Trust: 0.3

sources: VULMON: CVE-2008-4441 // BID: 31742 // JVNDB: JVNDB-2008-004926 // CNNVD: CNNVD-200810-229 // NVD: CVE-2008-4441

CVSS

SEVERITY

nvd@nist.gov: CVE-2008-4441
value: HIGH

Trust: 1.0

NVD: CVE-2008-4441
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200810-229
value: HIGH

Trust: 0.6

VULHUB: VHN-34566
value: HIGH

Trust: 0.1

VULMON: CVE-2008-4441
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2008-4441
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-34566
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34566 // VULMON: CVE-2008-4441 // JVNDB: JVNDB-2008-004926 // CNNVD: CNNVD-200810-229 // NVD: CVE-2008-4441

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-34566 // JVNDB: JVNDB-2008-004926 // NVD: CVE-2008-4441

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200810-229

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200810-229

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-004926

PATCH

title: Linksys, url: http://home.cisco.com/en-apac/home

Trust: 0.8

title: wifuzzit, url: https://github.com/0xd012/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/flowerhack/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/84KaliPleXon3/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/PleXone2019/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/wi-fi-analyzer/wifuzzit

Trust: 0.1

sources: VULMON: CVE-2008-4441 // JVNDB: JVNDB-2008-004926

EXTERNAL IDS

db: NVD, id: CVE-2008-4441

Trust: 3.1

db: BID, id: 31742

Trust: 2.1

db: SECUNIA, id: 32259

Trust: 1.9

db: SREASON, id: 4400

Trust: 1.8

db: VUPEN, id: ADV-2008-2805

Trust: 1.8

db: JVNDB, id: JVNDB-2008-004926

Trust: 0.8

db: BUGTRAQ, id: 20081013 MARVELL DRIVER MALFORMED ASSOCIATION REQUEST VULNERABILITY

Trust: 0.6

db: XF, id: 45841

Trust: 0.6

db: XF, id: 4400

Trust: 0.6

db: CNNVD, id: CNNVD-200810-229

Trust: 0.6

db: PACKETSTORM, id: 70876

Trust: 0.2

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-34566

Trust: 0.1

db: VULMON, id: CVE-2008-4441

Trust: 0.1

db: PACKETSTORM, id: 70926

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-34566 // VULMON: CVE-2008-4441 // BID: 31742 // JVNDB: JVNDB-2008-004926 // PACKETSTORM: 70876 // PACKETSTORM: 70926 // CNNVD: CNNVD-200810-229 // NVD: CVE-2008-4441

REFERENCES

url:http://www.securityfocus.com/bid/31742

Trust: 1.9

url:http://secunia.com/advisories/32259

Trust: 1.8

url:http://securityreason.com/securityalert/4400

Trust: 1.8

url:http://www.securityfocus.com/archive/1/497285/100/0/threaded

Trust: 1.2

url:http://www.vupen.com/english/advisories/2008/2805

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45841

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4441

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4441

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/45841

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/497285/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/2805

Trust: 0.6

url:http://www.marvell.com/

Trust: 0.3

url:http://www.linksys.com/servlet/satellite?c=l_product_c2&childpagename=us%2flayout&cid=1153780863744&pagename=linksys%2fcommon%2fvisitorwrapper&lid=6374487090b05

Trust: 0.3

url:/archive/1/497285

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/0xd012/wifuzzit

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-4441

Trust: 0.1

url:http://secunia.com/advisories/product/20144/

Trust: 0.1

url:http://secunia.com/binary_analysis/sample_analysis/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/32259/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.linksys.com/servlet/satellite?c=l_download_c2&childpagename=us%2flayout&cid=1115417109974&packedargs=sku%3d1152745215776&pagename=linksys%2fcommon%2fvisitorwrapper

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-34566 // VULMON: CVE-2008-4441 // BID: 31742 // JVNDB: JVNDB-2008-004926 // PACKETSTORM: 70876 // PACKETSTORM: 70926 // CNNVD: CNNVD-200810-229 // NVD: CVE-2008-4441

CREDITS

Laurent Butti (laurent.butti@orange-ftgroup.com)

Trust: 0.6

sources: CNNVD: CNNVD-200810-229

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-34566
db: VULMON, id: CVE-2008-4441
db: BID, id: 31742
db: JVNDB, id: JVNDB-2008-004926
db: PACKETSTORM, id: 70876
db: PACKETSTORM, id: 70926
db: CNNVD, id: CNNVD-200810-229
db: NVD, id: CVE-2008-4441

LAST UPDATE DATE

2025-04-10T20:41:28.520000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-34566, date: 2018-10-11T00:00:00
db: VULMON, id: CVE-2008-4441, date: 2018-10-11T00:00:00
db: BID, id: 31742, date: 2008-10-16T17:27:00
db: JVNDB, id: JVNDB-2008-004926, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200810-229, date: 2009-01-29T00:00:00
db: NVD, id: CVE-2008-4441, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-34566, date: 2008-10-14T00:00:00
db: VULMON, id: CVE-2008-4441, date: 2008-10-14T00:00:00
db: BID, id: 31742, date: 2008-10-13T00:00:00
db: JVNDB, id: JVNDB-2008-004926, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 70876, date: 2008-10-13T22:41:20
db: PACKETSTORM, id: 70926, date: 2008-10-15T06:24:30
db: CNNVD, id: CNNVD-200810-229, date: 2008-10-14T00:00:00
db: NVD, id: CVE-2008-4441, date: 2008-10-14T15:28:16.677