Sign-up

ID

VAR-200909-0396


CVE

CVE-2009-3092


TITLE

ASUS WL-500W Wireless router buffer overflow vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2009-003713 // CNNVD: CNNVD-200909-105

DESCRIPTION

Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. ASUS WL-500W router is prone to multiple remote vulnerabilities. Attackers can exploit these issues to completely compromise the vulnerable device; other attacks may also be possible. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: ASUS WL-500W Wireless Router Two Vulnerabilities SECUNIA ADVISORY ID: SA36439 VERIFY ADVISORY: http://secunia.com/advisories/36439/ DESCRIPTION: Two vulnerabilities have been reported in ASUS WL-500W wireless router. 1) An unspecified error can be exploited to cause a buffer overflow. 2) An unspecified error has an unknown impact. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reported as modules included in VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-3092 // JVNDB: JVNDB-2009-003713 // BID: 36236 // VULHUB: VHN-40538 // PACKETSTORM: 81017

AFFECTED PRODUCTS

vendor:asusmodel:wl-500wscope:eqversion: -

Trust: 1.6

vendor:asustek computermodel:asus wl-500wscope: - version: -

Trust: 0.8

vendor:asusmodel:wl-500wscope:eqversion:0

Trust: 0.3

sources: BID: 36236 // JVNDB: JVNDB-2009-003713 // CNNVD: CNNVD-200909-105 // NVD: CVE-2009-3092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3092
value: HIGH

Trust: 1.0

NVD: CVE-2009-3092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200909-105
value: CRITICAL

Trust: 0.6

VULHUB: VHN-40538
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-3092
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40538
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40538 // JVNDB: JVNDB-2009-003713 // CNNVD: CNNVD-200909-105 // NVD: CVE-2009-3092

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-3092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-105

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200909-105

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-003713

PATCH
title:Top Pageurl:http://www.asus.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-003713

EXTERNAL IDS
db:NVDid:CVE-2009-3092
Trust: 2.5
db:BIDid:36236
Trust: 2.0
db:SECUNIAid:36439
Trust: 1.8
db:JVNDBid:JVNDB-2009-003713
Trust: 0.8
db:CNNVDid:CNNVD-200909-105
Trust: 0.7
db:VULHUBid:VHN-40538
Trust: 0.1
db:PACKETSTORMid:81017
Trust: 0.1
sources:
            
            
            VULHUB: VHN-40538 // 
            
            
            
            BID: 36236 // 
            
            
            
            JVNDB: JVNDB-2009-003713 // 
            
            
            
            PACKETSTORM: 81017 // 
            
            
            
            CNNVD: CNNVD-200909-105 // 
            
            
            
            NVD: CVE-2009-3092

REFERENCES
url:http://intevydis.com/vd-list.shtml
Trust: 1.8
url:http://www.securityfocus.com/bid/36236
Trust: 1.7
url:http://secunia.com/advisories/36439
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3092
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3092
Trust: 0.8
url:http://intevydis.com/company.shtml
Trust: 0.3
url:http://usa.asus.com/product.aspx?p_id=nrsjewu78wddxmoa
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/36439/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-40538 // 
            
            
            
            BID: 36236 // 
            
            
            
            JVNDB: JVNDB-2009-003713 // 
            
            
            
            PACKETSTORM: 81017 // 
            
            
            
            CNNVD: CNNVD-200909-105 // 
            
            
            
            NVD: CVE-2009-3092

CREDITS
Intevydis
Trust: 0.9
sources:
            
            
            BID: 36236 // 
            
            
            
            CNNVD: CNNVD-200909-105

SOURCES
db:VULHUBid:VHN-40538
db:BIDid:36236
db:JVNDBid:JVNDB-2009-003713
db:PACKETSTORMid:81017
db:CNNVDid:CNNVD-200909-105
db:NVDid:CVE-2009-3092

LAST UPDATE DATE
2025-04-10T23:05:05.177000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-40538date:2009-09-09T00:00:00
db:BIDid:36236date:2009-09-09T16:21:00
db:JVNDBid:JVNDB-2009-003713date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200909-105date:2009-09-09T00:00:00
db:NVDid:CVE-2009-3092date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-40538date:2009-09-08T00:00:00
db:BIDid:36236date:2009-09-03T00:00:00
db:JVNDBid:JVNDB-2009-003713date:2012-06-26T00:00:00
db:PACKETSTORMid:81017date:2009-09-07T07:18:54
db:CNNVDid:CNNVD-200909-105date:2009-09-08T00:00:00
db:NVDid:CVE-2009-3092date:2009-09-08T18:30:00.610