Sign-up

ID

VAR-200911-0308


CVE

CVE-2007-5475


TITLE

Linksys WAP4400N Wi-Fi Access point buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-004039

DESCRIPTION

Multiple buffer overflows in the Marvell wireless driver, as used in Linksys WAP4400N Wi-Fi access point with firmware 1.2.17 on the Marvell 88W8361P-BEM1 chipset, and other products, allow remote 802.11-authenticated users to cause a denial of service (wireless access point crash) and possibly execute arbitrary code via an association request with long (1) rates, (2) extended rates, and unspecified other information elements. Linksys WAP4400N wireless access point devices are prone to a denial-of-service vulnerability because they fail to adequately verify user-supplied input. Remote attackers can exploit this issue to hang or reboot a vulnerable device, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed. Linksys WAP4400N devices running firmware 1.2.17 are vulnerable. NOTE: Since the flaw is in the Marvell 88W8361P-BEM1 chipset driver, other devices and firmware versions using the same code may also be affected. This can be achieved only after a successful 802.11 authentication (in "Open" or "Shared" mode according to the configuration of the wireless access point). This security vulnerability was originally reported to Linksys, updated firmwares should be available on Cisco/Linksys web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable. Credits: -------- * This vulnerability was discovered by Laurent Butti from France Telecom / Orange . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Linksys WAP4400N Association Request Denial of Service SECUNIA ADVISORY ID: SA37345 VERIFY ADVISORY: http://secunia.com/advisories/37345/ DESCRIPTION: A vulnerability has been reported in Linksys WAP4400N, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when parsing information elements included in association requests and can be exploited to reboot or hang an affected device. The vulnerability is reported in firmware version 1.2.17. SOLUTION: Reportedly fixed in firmware version 1.2.19. PROVIDED AND/OR DISCOVERED BY: Laurent Butti, France Telecom / Orange ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/current/0074.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.25

sources: NVD: CVE-2007-5475 // JVNDB: JVNDB-2009-004039 // BID: 37017 // VULHUB: VHN-28837 // VULMON: CVE-2007-5475 // PACKETSTORM: 82664 // PACKETSTORM: 82611

IOT TAXONOMY

category:['network device', 'embedded device']sub_category:access point

Trust: 0.1

category:['network device', 'embedded device']sub_category:chipset

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:linksysmodel:wap4400nscope:eqversion:1.2.17

Trust: 1.4

vendor:marvellmodel:88w8361p-bem chipsetscope: - version: -

Trust: 1.4

vendor:marvellmodel:88w8361p-bem chipsetscope:eqversion:*

Trust: 1.1

vendor:cisco linksysmodel:wap4400nscope:eqversion:1.2.17

Trust: 0.8

vendor:marvellmodel:semiconductor 88w8361p-bem1 chipsetscope:eqversion:0

Trust: 0.3

vendor:linksysmodel:wap4400nscope:neversion:1.2.19

Trust: 0.3

sources: VULMON: CVE-2007-5475 // BID: 37017 // JVNDB: JVNDB-2009-004039 // CNNVD: CNNVD-200911-143 // NVD: CVE-2007-5475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5475
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-5475
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200911-143
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28837
value: MEDIUM

Trust: 0.1

VULMON: CVE-2007-5475
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-5475
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-28837
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28837 // VULMON: CVE-2007-5475 // JVNDB: JVNDB-2009-004039 // CNNVD: CNNVD-200911-143 // NVD: CVE-2007-5475

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-28837 // JVNDB: JVNDB-2009-004039 // NVD: CVE-2007-5475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200911-143

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200911-143

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-004039

PATCH
title:Linksysurl:http://home.cisco.com/en-apac/home
Trust: 0.8
title:Top Pageurl:http://www.marvell.com/
Trust: 0.8
title:wifuzziturl:https://github.com/0xd012/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/flowerhack/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/84KaliPleXon3/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/PleXone2019/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/wi-fi-analyzer/wifuzzit 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2007-5475 // 
            
            
            
            JVNDB: JVNDB-2009-004039

EXTERNAL IDS
db:NVDid:CVE-2007-5475
Trust: 3.1
db:SECUNIAid:37345
Trust: 1.9
db:VUPENid:ADV-2009-3239
Trust: 1.1
db:JVNDBid:JVNDB-2009-004039
Trust: 0.8
db:CNNVDid:CNNVD-200911-143
Trust: 0.7
db:BUGTRAQid:20091110 MARVELL DRIVER MULTIPLE INFORMATION ELEMENT OVERFLOWS
Trust: 0.6
db:BIDid:37017
Trust: 0.5
db:PACKETSTORMid:82664
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-28837
Trust: 0.1
db:VUPENid:2009/3239
Trust: 0.1
db:VULMONid:CVE-2007-5475
Trust: 0.1
db:PACKETSTORMid:82611
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-28837 // 
            
            
            
            VULMON: CVE-2007-5475 // 
            
            
            
            BID: 37017 // 
            
            
            
            JVNDB: JVNDB-2009-004039 // 
            
            
            
            PACKETSTORM: 82664 // 
            
            
            
            PACKETSTORM: 82611 // 
            
            
            
            CNNVD: CNNVD-200911-143 // 
            
            
            
            NVD: CVE-2007-5475

REFERENCES
url:http://secunia.com/advisories/37345
Trust: 1.8
url:http://www.securityfocus.com/archive/1/507781/100/0/threaded
Trust: 1.2
url:http://www.vupen.com/english/advisories/2009/3239
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5475
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5475
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/507781/100/0/threaded
Trust: 0.6
url:http://www.marvell.com/
Trust: 0.3
url:http://www.linksys.com/servlet/satellite?c=l_product_c2&childpagename=us%2flayout&cid=1153780863744&pagename=linksys%2fcommon%2fvisitorwrapper&lid=6374487090b05
Trust: 0.3
url:/archive/1/507781
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://www.securityfocus.com/bid/37017
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/0xd012/wifuzzit
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2007-5475
Trust: 0.1
url:http://archives.neohapsis.com/archives/bugtraq/current/0074.html
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/37345/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-28837 // 
            
            
            
            VULMON: CVE-2007-5475 // 
            
            
            
            BID: 37017 // 
            
            
            
            JVNDB: JVNDB-2009-004039 // 
            
            
            
            PACKETSTORM: 82664 // 
            
            
            
            PACKETSTORM: 82611 // 
            
            
            
            CNNVD: CNNVD-200911-143 // 
            
            
            
            NVD: CVE-2007-5475

CREDITS
Laurent Butti
Trust: 1.0
sources:
            
            
            BID: 37017 // 
            
            
            
            PACKETSTORM: 82664 // 
            
            
            
            CNNVD: CNNVD-200911-143

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-28837
db:VULMONid:CVE-2007-5475
db:BIDid:37017
db:JVNDBid:JVNDB-2009-004039
db:PACKETSTORMid:82664
db:PACKETSTORMid:82611
db:CNNVDid:CNNVD-200911-143
db:NVDid:CVE-2007-5475

LAST UPDATE DATE
2025-04-10T22:41:52.446000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-28837date:2018-10-15T00:00:00
db:VULMONid:CVE-2007-5475date:2018-10-15T00:00:00
db:BIDid:37017date:2009-11-13T18:16:00
db:JVNDBid:JVNDB-2009-004039date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200911-143date:2009-11-13T00:00:00
db:NVDid:CVE-2007-5475date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-28837date:2009-11-12T00:00:00
db:VULMONid:CVE-2007-5475date:2009-11-12T00:00:00
db:BIDid:37017date:2009-11-10T00:00:00
db:JVNDBid:JVNDB-2009-004039date:2012-09-25T00:00:00
db:PACKETSTORMid:82664date:2009-11-17T01:41:03
db:PACKETSTORMid:82611date:2009-11-16T09:29:55
db:CNNVDid:CNNVD-200911-143date:2009-11-12T00:00:00
db:NVDid:CVE-2007-5475date:2009-11-12T23:30:00.517