VAR-200809-0004
Vulnerability from variot - Updated: 2025-04-10 20:50The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID.". The NETGEAR WN802T wireless access point is prone to a denial-of-service vulnerability because it fails to adequately verify user-supplied input. Attackers can exploit this issue to hang or reboot the device, denying service to legitimate users. The NETGEAR WN802T wireless access point running firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset is vulnerable. Other devices running this Marvell chipset may also be affected. Most information elements are used by the wireless access point and clients to advertise their capabilities (regarding rates, network name, cryptographic capabilities...). More precisely, the SSID is used by the access point to validate that the wireless client intends to connect to the appropriate SSID.
Assigned CVE:
- CVE-2008-1197
Details:
- The bug can be triggered by a malicious association request to the wireless access point with a Null SSID. This can be achieved only after a successful 802.11 authentication (in "Open" or "Shared" mode according to the configuration of the wireless access point). This security vulnerability was reported to Netgear, updated firmwares should be available on their web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable.
Credits:
- This vulnerability was discovered by Laurent Butti and Julien Tinnes from France Telecom / Orange .
1) An error exists in the processing of SSID information included in association requests. This can be exploited to reboot or hang-up the device by sending a specially crafted association request.
2) An error in the processing of EAPoL-Key packets can be exploited to reboot or hang-up a device by sending a specially crafted EAPoL-Key packet containing an overly large "length" value.
The vulnerabilities are reported in firmware version 1.3.16. Other versions may also be affected.
SOLUTION: Use the device only in a trusted network environment.
PROVIDED AND/OR DISCOVERED BY: Laurent Butti and Julien Tinnes, France Telecom / Orange
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2008-09/0048.html http://archives.neohapsis.com/archives/bugtraq/2008-09/0049.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "wn802t",
"scope": "eq",
"trust": 2.0,
"vendor": "netgear",
"version": "1.3.16"
},
{
"_id": null,
"model": "88w8361w-bem1",
"scope": null,
"trust": 1.4,
"vendor": "marvell",
"version": null
},
{
"_id": null,
"model": "88w8361w-bem1",
"scope": "eq",
"trust": 1.1,
"vendor": "marvell",
"version": "*"
},
{
"_id": null,
"model": "wn802t",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "1.3.16"
},
{
"_id": null,
"model": "semiconductor 88w8361p-bem1 chipset",
"scope": "eq",
"trust": 0.3,
"vendor": "marvell",
"version": "0"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-1197"
},
{
"db": "BID",
"id": "30976"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-085"
},
{
"db": "NVD",
"id": "CVE-2008-1197"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:marvell:88w8361w-bem1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:netgear:wn802t",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
}
]
},
"credits": {
"_id": null,
"data": "Laurent Butti\u203b laurent.butti@orange-ftgroup.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-085"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1197",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2008-1197",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-31322",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1197",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-1197",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-085",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31322",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-1197",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31322"
},
{
"db": "VULMON",
"id": "CVE-2008-1197"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-085"
},
{
"db": "NVD",
"id": "CVE-2008-1197"
}
]
},
"description": {
"_id": null,
"data": "The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a \"Null SSID.\". The NETGEAR WN802T wireless access point is prone to a denial-of-service vulnerability because it fails to adequately verify user-supplied input. \nAttackers can exploit this issue to hang or reboot the device, denying service to legitimate users. \nThe NETGEAR WN802T wireless access point running firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset is vulnerable. Other devices running this Marvell chipset may also be affected. Most information elements are\nused by the wireless access point and clients to advertise their\ncapabilities (regarding rates, network name, cryptographic\ncapabilities...). More precisely, the SSID is used by the access point\nto validate that the wireless client intends to connect to the\nappropriate SSID. \n\nAssigned CVE:\n-------------\n* CVE-2008-1197\n\nDetails:\n--------\n* The bug can be triggered by a malicious association request to the\nwireless access point with a Null SSID. This can be achieved only after\na successful 802.11 authentication (in \"Open\" or \"Shared\" mode according\nto the configuration of the wireless access point). \nThis security vulnerability was reported to Netgear, updated firmwares\nshould be available on their web site. Any other wireless device relying\non this vulnerable wireless driver is likely to be vulnerable. \n\nCredits:\n--------\n* This vulnerability was discovered by Laurent Butti and Julien Tinnes\nfrom France Telecom / Orange\n. \n\n1) An error exists in the processing of SSID information included in\nassociation requests. This can be exploited to reboot or hang-up the\ndevice by sending a specially crafted association request. \n\n2) An error in the processing of EAPoL-Key packets can be exploited\nto reboot or hang-up a device by sending a specially crafted\nEAPoL-Key packet containing an overly large \"length\" value. \n\nThe vulnerabilities are reported in firmware version 1.3.16. Other\nversions may also be affected. \n\nSOLUTION:\nUse the device only in a trusted network environment. \n\nPROVIDED AND/OR DISCOVERED BY:\nLaurent Butti and Julien Tinnes, France Telecom / Orange\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/bugtraq/2008-09/0048.html\nhttp://archives.neohapsis.com/archives/bugtraq/2008-09/0049.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1197"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
},
{
"db": "BID",
"id": "30976"
},
{
"db": "VULHUB",
"id": "VHN-31322"
},
{
"db": "VULMON",
"id": "CVE-2008-1197"
},
{
"db": "PACKETSTORM",
"id": "69627"
},
{
"db": "PACKETSTORM",
"id": "69658"
}
],
"trust": 2.25
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2008-1197",
"trust": 3.1
},
{
"db": "BID",
"id": "30976",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "31770",
"trust": 1.9
},
{
"db": "SREASON",
"id": "4215",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080904 MARVELL DRIVER NULL SSID ASSOCIATION REQUEST VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "802",
"trust": 0.6
},
{
"db": "XF",
"id": "44918",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-085",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "69627",
"trust": 0.2
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-31322",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-1197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69658",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-31322"
},
{
"db": "VULMON",
"id": "CVE-2008-1197"
},
{
"db": "BID",
"id": "30976"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
},
{
"db": "PACKETSTORM",
"id": "69627"
},
{
"db": "PACKETSTORM",
"id": "69658"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-085"
},
{
"db": "NVD",
"id": "CVE-2008-1197"
}
]
},
"id": "VAR-200809-0004",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-31322"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"network device"
],
"sub_category": "Wi-Fi access point",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-04-10T20:50:30.248000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.marvell.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.netgear.com/home/"
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/flowerhack/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/84KaliPleXon3/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/PleXone2019/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/wi-fi-analyzer/wifuzzit "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-1197"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31322"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
},
{
"db": "NVD",
"id": "CVE-2008-1197"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/30976"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/31770"
},
{
"trust": 1.8,
"url": "http://securityreason.com/securityalert/4215"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/495983/100/0/threaded"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44918"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1197"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1197"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44918"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495983/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.marvell.com/"
},
{
"trust": 0.3,
"url": "http://www.netgear.com"
},
{
"trust": 0.3,
"url": "http://kbserver.netgear.com/products/wn802t.asp"
},
{
"trust": 0.3,
"url": "/archive/1/495983"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1197"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-09/0049.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19749/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-09/0048.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/corporate/jobs/open_positions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31770/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-31322"
},
{
"db": "VULMON",
"id": "CVE-2008-1197"
},
{
"db": "BID",
"id": "30976"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
},
{
"db": "PACKETSTORM",
"id": "69627"
},
{
"db": "PACKETSTORM",
"id": "69658"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-085"
},
{
"db": "NVD",
"id": "CVE-2008-1197"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "OTHER",
"id": null,
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-31322",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2008-1197",
"ident": null
},
{
"db": "BID",
"id": "30976",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004191",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "69627",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "69658",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200809-085",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2008-1197",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-31322",
"ident": null
},
{
"date": "2008-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2008-1197",
"ident": null
},
{
"date": "2008-09-04T00:00:00",
"db": "BID",
"id": "30976",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004191",
"ident": null
},
{
"date": "2008-09-04T17:18:39",
"db": "PACKETSTORM",
"id": "69627",
"ident": null
},
{
"date": "2008-09-05T15:36:36",
"db": "PACKETSTORM",
"id": "69658",
"ident": null
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-085",
"ident": null
},
{
"date": "2008-09-05T16:08:00",
"db": "NVD",
"id": "CVE-2008-1197",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31322",
"ident": null
},
{
"date": "2018-10-11T00:00:00",
"db": "VULMON",
"id": "CVE-2008-1197",
"ident": null
},
{
"date": "2008-09-04T19:24:00",
"db": "BID",
"id": "30976",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004191",
"ident": null
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-085",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1197",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-085"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Netgear WN802T Wi-Fi Access point Marvell Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004191"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-085"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.