CVE-2007-5474
Linksys WRT350N 2.00.17 - Denial of Service via Atheros Information Element Length
Title source: llmDescription
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31012
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4226
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495984/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44921
Scores
EPSS
0.0143
EPSS Percentile
80.9%
Details
CWE
CWE-20
Status
published
Products (2)
atheros/ar5416-ac1e_chipset
linksys/wrt350n
2.00.17
Published
Sep 05, 2008
Tracked Since
Feb 18, 2026