AirDefense M520 Multiple CGI Scripts Remote Denial of Service Vulnerabilities

Bugtraq ID:	25715
Class:	Boundary Condition Error
CVE:	CVE-2007-5036
Remote:	Yes
Local:	No
Published:	Sep 18 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Alex Hernandez is credited with the discovery of these issues.
Vulnerable:	AirDefense M520 0
Not Vulnerable:

AirDefense M520 Multiple CGI Scripts Remote Denial of Service Vulnerabilities

The AirDefense M520 is prone to multiple remote denial-of-service vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

A successful attack will cause the device's HTTPD service to crash. Given the nature of these issues, remote code execution may also be possible, but this has not been confirmed.

AirDefense M520 Multiple CGI Scripts Remote Denial of Service Vulnerabilities

The following exploit is available:

• /data/vulnerabilities/exploits/25715.pl

AirDefense M520 Multiple CGI Scripts Remote Denial of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

AirDefense M520 Multiple CGI Scripts Remote Denial of Service Vulnerabilities

References:

• Vendor Homepage (AirDefense)