Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote malicious users to spoof or hijack TCP connections.
source: wwwsecurityfocuscom/bid/670/info
A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions This can be used to create spoofed TCP sessions bypassing some types of IP based access controls
The function 'secure_tcp_sequence_number' in the file 'drivers/char/randomc' at line 1684 ...