CVE-2007-5036

Name of the Vulnerable Software and Affected Versions AirDefense Airsensor M520 versions 4.3.1.1 through 4.4.1.4

Description The issue is related to multiple buffer overflows that can be triggered by remote authenticated users, leading to a denial of service (HTTPS service outage). This can be achieved by sending a crafted query string in an HTTPS request to specific API endpoints, including (1) "adLog.cgi", (2) "post.cgi", or (3) "ad.cgi", which are related to the "files filter."

Recommendations For AirDefense Airsensor M520 versions 4.3.1.1 through 4.4.1.4, consider restricting access to the affected API endpoints "adLog.cgi", "post.cgi", and "ad.cgi" to minimize the risk of exploitation until a patch is available. Avoid using crafted query strings in HTTPS requests to these endpoints.