PT-2008-1488 · Linksys · Linksys Wrt350N

Published 2008-09-05 · Updated 2018-10-15 · CVE-2007-5474

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Linksys WRT350N Wi-Fi access point with firmware version 2.00.17

Description

The issue arises from the improper parsing of the Atheros vendor-specific information element in an association request by the driver for the Linksys WRT350N Wi-Fi access point. This can be exploited by remote authenticated users to cause a denial of service, resulting in a device reboot or hang, or potentially execute arbitrary code. The exploitation is possible via an Atheros information element with an invalid length.

Recommendations

For Linksys WRT350N Wi-Fi access point with firmware version 2.00.17, consider applying a firmware update that addresses the improper parsing of Atheros vendor-specific information elements, if available. As a temporary workaround, restrict access to the device to minimize the risk of exploitation by unauthorized users.
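The length validation whose absence the description refers to, as an added example (not the Linksys or Atheros driver code): a bounds-checked walk over the 802.11 information elements that rejects any element whose length field disagrees with the frame or with the destination buffer. The function and struct names, the OUI + type layout and the 16-byte body limit are assumptions for illustration, since the advisory does not describe the element's internal format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_VENDOR_SPECIFIC 221  /* 802.11 vendor-specific element ID (0xDD) */
#define VENDOR_HDR_LEN     4    /* assumed layout: OUI (3 bytes) + type (1 byte) */
#define ATH_BODY_MAX       16   /* assumed size of the driver-side buffer */

static const uint8_t ATHEROS_OUI[3] = { 0x00, 0x03, 0x7f };
struct ath_ie { uint8_t type; uint8_t body[ATH_BODY_MAX]; size_t body_len; };

/* Walk the ID/length/value list of an association request body.
 * Returns 1 if an Atheros IE was copied to *out, 0 if none is present,
 * -1 if any length field is inconsistent (the caller drops the frame). */
int find_atheros_ie(const uint8_t *ies, size_t ies_len, struct ath_ie *out)
{
    size_t off = 0;
    while (off < ies_len) {
        if (ies_len - off < 2) return -1;           /* truncated ID/length header */
        uint8_t id = ies[off], len = ies[off + 1];
        if ((size_t)len > ies_len - off - 2) return -1; /* runs past end of frame */
        const uint8_t *p = ies + off + 2;
        if (id == IE_VENDOR_SPECIFIC && len >= 3 && memcmp(p, ATHEROS_OUI, 3) == 0) {
            if (len < VENDOR_HDR_LEN) return -1;    /* too short to hold the type byte */
            size_t body_len = (size_t)len - VENDOR_HDR_LEN;
            if (body_len > sizeof out->body) return -1; /* would overflow destination */
            out->type = p[3];
            memcpy(out->body, p + VENDOR_HDR_LEN, body_len);
            out->body_len = body_len;
            return 1;
        }
        off += 2 + (size_t)len;
    }
    return 0;
}

/* Constructed sample element lists (not captured traffic). */
static const uint8_t SAMPLE_OK[]      = { 0x00, 0x02, 'a', 'p', 0xdd, 0x06, 0x00, 0x03, 0x7f, 0x01, 0xaa, 0xbb };
static const uint8_t SAMPLE_SHORT[]   = { 0xdd, 0x03, 0x00, 0x03, 0x7f };
static const uint8_t SAMPLE_OVERRUN[] = { 0xdd, 0x40, 0x00, 0x03, 0x7f, 0x01 };

int main(void)
{
    struct ath_ie ie;
    return !(find_atheros_ie(SAMPLE_OK, sizeof SAMPLE_OK, &ie) == 1 &&
             find_atheros_ie(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &ie) == -1 &&
             find_atheros_ie(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, &ie) == -1);
}
```

Every length is checked twice: once against the bytes remaining in the frame and once against the fixed-size destination, so neither an undersized nor an oversized element reaches the copy.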

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-5474

Affected Products

Linksys Wrt350N