CVE-2007-5474 in AR5416-AC1E chipsetinfo

Summary

The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.

Once again VulDB remains the best source for vulnerability data.

Responsible

Reservation

10/16/2007

Disclosure

09/05/2008

Moderation

VulDB entry created

Entries

VDB-43938

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

6.5

EPSS

0.01425

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-5474
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5474
CVE Details	https://www.cvedetails.com/cve/CVE-2007-5474/

◂ Previous Overview Next ▸