Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hostapd vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-5055
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause ...
Netgear Wnr2000 Firmware 1.0.0.70
2.1
CVSSv2
CVE-2017-14428
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
Dlink Dir-850l Firmware
Dlink Dir-850l Firmware Fw114wwb07 H2ab
NA
CVE-2023-30260
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and previous versions allows remote malicious users to run arbitrary commands via crafted POST request to hostapd settings form.
Raspap Raspap
9
CVSSv2
CVE-2021-33358
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenti...
Raspap Raspap
6.9
CVSSv2
CVE-2019-9375
In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129344244
Google Android 10.0
NA
CVE-2022-20308
In hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...
Google Android 13.0
3.3
CVSSv2
CVE-2015-5310
The WNM Sleep Mode code in wpa_supplicant 2.x prior to 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote malicious users to inject arbitrary broadcast or multicast packets or cause a denial of s...
Google Android 6.0.1
Google Android 6.0
Google Android 4.4.4
Google Android 5.0
Google Android 5.1.1
4.3
CVSSv2
CVE-2015-5315
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x prior to 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote malicious users to cause a den...
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2015-5316
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x prior to 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pw...
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2015-5314
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x prior to 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configu...
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »