Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
w1.fi hostapd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-10743
hostapd prior to 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
W1.fi Hostapd
6.5
CVSSv3
CVE-2019-5061
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by c...
W1.fi Hostapd 2.6
6.5
CVSSv3
CVE-2019-5062
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resu...
W1.fi Hostapd 2.6
NA
CVE-2012-2389
hostapd 0.7.3, and possibly other versions prior to 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.
W1.fi Hostapd 0.7.3
NA
CVE-2015-8041
Multiple integer overflows in the NDEF record parser in hostapd prior to 2.5 and wpa_supplicant prior to 2.5 allow remote malicious users to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record,...
W1.fi Wpa Supplicant
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
W1.fi Hostapd
7.5
CVSSv3
CVE-2019-9496
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd proc...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
8.1
CVSSv3
CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an malicious user to complete EAP-PWD authentication without knowing the password. However, unless the cr...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
7.5
CVSSv3
CVE-2019-10064
hostapd prior to 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
W1.fi Hostapd
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2019-13377
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x up to and including 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked in...
W1.fi Hostapd
Fedoraproject Fedora 30
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2019-16275
hostapd prior to 2.10 and wpa_supplicant prior to 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The a...
W1.fi Hostapd
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »