Published: 04/09/2019 Updated: 09/09/2019

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 296

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 up to and including 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
espressif esp8266 nonos sdk
espressif arduino esp8266

ESP32/ESP8266 Wi-Fi Attacks This repository is part of a research outcome from the ASSET Research Group This repository demonstrates 3 Wi-Fi attacks against the popular ESP32/8266 IoT devices: Zero PMK Installation (CVE-2019-12587) - Hijacking ESP32/ESP8266 clients connected to enterprise networks; ESP32/ESP8266 EAP client crash (CVE-2019-12586) - Crashing ESP devices connec

A Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using their built-in Over-The-Air update interface. It is suited for network setups where IoT devices do not have internet connectivity.

🛵 Mass Over-The-Air updater for Shelly devices 🛵 mota is a mass Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using the built-in Over-The-Air (OTA) update interface It is particularly suited for network setups using VLANs where IoT devices do not have internet connectivity Background Shelly devices periodically ping the Sh

A Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using their built-in Over-The-Air update interface. It is suited for network setups where IoT devices do not have internet connectivity.

🛵 Mass Over-The-Air updater for Shelly devices 🛵 mota is a mass Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using the built-in Over-The-Air (OTA) update interface It is particularly suited for network setups using VLANs where IoT devices do not have internet connectivity Background Shelly devices periodically ping the Sh

所有收集类项目: 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/ 网络相关的

Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588)

ESP32/ESP8266 Wi-Fi Attacks This repository is part of a research outcome from the ASSET Research Group This repository demonstrates 3 Wi-Fi attacks against the popular ESP32/8266 IoT devices: Zero PMK Installation (CVE-2019-12587) - Hijacking ESP32/ESP8266 clients connected to enterprise networks; ESP32/ESP8266 EAP client crash (CVE-2019-12586) - Crashing ESP devices connec

所有收集类项目: 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/ 网络相关的

CWE-20 https://github.com/espressif https://matheus-garbelini.github.io/home/post/esp8266-beacon-frame-crash/https://github.com/Matheus-Garbelini/esp32_esp8266_attacks https://nvd.nist.gov https://github.com/84KaliPleXon3/esp32_esp8266_attacks https://github.com/ruimarinho/mota

CVE-2019-12588

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect