CVE-2008-4441

Severity Score

7.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.

El controlador de dispositivo Marvell para el punto de acceso Wi-fi Linksys WAP4400N con version de firmware 1.2.14 sobre chipset Marvell 88W8361P-BEM1, cuando el modo WEP está activado, no analiza adecuadamente las tramas 802.11 mal formadas. Lo cual permite a atacantes remotos causar una denegación de servicio (reinico o cuelgue) a través de una petición de asociación mal formada que contenga el flag WEP, como lo demuestra una solicitud de dicho tipo demasiado corta. Se trata de una vulnerabilidad diferente a la CVE-2008-1144 y CVE-2008-1197.

*Credits: N/A

CVSS Scores

NISTv2 7.1

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-10-03 CVE Reserved
2008-10-13 CVE Published
2024-02-11 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (6)

URL	Tag	Source
http://securityreason.com/securityalert/4400	Third Party Advisory
http://www.securityfocus.com/archive/1/497285/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/31742	Vdb Entry
http://www.vupen.com/english/advisories/2008/2805	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45841	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/32259	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linksys Search vendor "Linksys"	Wap400n Search vendor "Linksys" for product "Wap400n"	1.2.14 Search vendor "Linksys" for product "Wap400n" and version "1.2.14"	-	Affected	in	Marvell Search vendor "Marvell"	88w8361p-bem1 Search vendor "Marvell" for product "88w8361p-bem1"	*	-	Safe