CVE-2009-0052 - OpenCVE

The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atheros	Ar9160-bc1a Chipset
Netgear	Wndap330 Wndap330 Firmware

Configuration 1 [-]

AND

cpe:2.3:a:netgear:wndap330_firmware:2.1.11:*:*:*:*:*:*:*

OR	cpe:2.3:h:atheros:ar9160-bc1a_chipset::::::::
	cpe:2.3:h:netgear:wndap330::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/37344
http://www.osvdb.org/59880
http://www.securityfocus.com/archive/1/507777/100/0/threaded
http://www.securityfocus.com/bid/36991
http://www.vupen.com/english/advisories/2009/3212
https://exchange.xforce.ibmcloud.com/vulnerabilities/54216

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-11-12T23:00:00

Updated: 2024-08-07T04:17:10.370Z

Reserved: 2009-01-07T00:00:00

Link: CVE-2009-0052

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-11-12T23:30:00.577

Modified: 2018-10-11T20:59:49.343

Link: CVE-2009-0052

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36991", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36991"}, {"name": "20091110 Atheros Driver Reserved Frame Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"}, {"name": "ADV-2009-3212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3212"}, {"name": "37344", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37344"}, {"name": "59880", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/59880"}, {"name": "netgear-wndap330-frame-dos(54216)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0052", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36991", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36991"}, {"name": "20091110 Atheros Driver Reserved Frame Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"}, {"name": "ADV-2009-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3212"}, {"name": "37344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37344"}, {"name": "59880", "refsource": "OSVDB", "url": "http://www.osvdb.org/59880"}, {"name": "netgear-wndap330-frame-dos(54216)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.370Z"}, "title": "CVE Program Container", "references": [{"name": "36991", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36991"}, {"name": "20091110 Atheros Driver Reserved Frame Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"}, {"name": "ADV-2009-3212", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3212"}, {"name": "37344", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37344"}, {"name": "59880", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/59880"}, {"name": "netgear-wndap330-frame-dos(54216)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0052", "datePublished": "2009-11-12T23:00:00", "dateReserved": "2009-01-07T00:00:00", "dateUpdated": "2024-08-07T04:17:10.370Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netgear:wndap330_firmware:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "C3343171-6991-47F6-8BC0-B0CFBFE595C6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atheros:ar9160-bc1a_chipset:*:*:*:*:*:*:*:*", "matchCriteriaId": "13D645AD-22A4-4DC6-BC81-1A06E8C61DCB", "vulnerable": true}, {"criteria": "cpe:2.3:h:netgear:wndap330:*:*:*:*:*:*:*:*", "matchCriteriaId": "93A730EC-5444-4AFF-8173-061CBFFF4368", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."}, {"lang": "es", "value": "El driver inal\u00e1mbrico Atheros, tal como es usado en el punto de acceso Wi-Fi Netgear WNDAP330 con firmware 2.1.11 y otras versiones anteriores a la 3.0.3 en el chipset Atheros AR9160-BC1A, y otros productos, permite a usuarios remotos autenticados provocar una denagaci\u00f3n de servicio (reinicio del dispositivo o cuelgue) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una trama reservada de gesti\u00f3n truncada."}], "id": "CVE-2009-0052", "lastModified": "2018-10-11T20:59:49.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-11-12T23:30:00.577", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37344"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/59880"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36991"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3212"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}