- Description
- The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.3
- Impact score
- 6.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:N/A:C
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:atheros:ar5416-ac1e_chipset:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A125E74-B624-470B-8923-6AA3C57DBF7E"
},
{
"criteria": "cpe:2.3:h:linksys:wrt350n:2.00.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09DD63BB-4E99-4E2B-A94B-13A24897C6E1"
}
],
"operator": "OR"
}
]
}
]