Published: 04/09/2019 Updated: 24/08/2020

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 296

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

The EAP peer implementation in Espressif ESP-IDF 2.0.0 up to and including 4.0.0 and ESP8266_NONOS_SDK 2.2.0 up to and including 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
espressif arduino-esp32 1.0.3
espressif esp-idf
espressif arduino-esp32
espressif esp8266 nonos sdk

ESP32/ESP8266 Wi-Fi Attacks This repository is part of a research outcome from the ASSET Research Group This repository demonstrates 3 Wi-Fi attacks against the popular ESP32/8266 IoT devices: Zero PMK Installation (CVE-2019-12587) - Hijacking ESP32/ESP8266 clients connected to enterprise networks; ESP32/ESP8266 EAP client crash (CVE-2019-12586) - Crashing ESP devices connec

A Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using their built-in Over-The-Air update interface. It is suited for network setups where IoT devices do not have internet connectivity.

🛵 Mass Over-The-Air updater for Shelly devices 🛵 mota is a mass Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using the built-in Over-The-Air (OTA) update interface It is particularly suited for network setups using VLANs where IoT devices do not have internet connectivity Background Shelly devices periodically ping the Sh

所有收集类项目: 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/ 网络相关的

A Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using their built-in Over-The-Air update interface. It is suited for network setups where IoT devices do not have internet connectivity.

🛵 Mass Over-The-Air updater for Shelly devices 🛵 mota is a mass Shelly device firmware updater based on zeroconf (or bonjour) discovery for local networks using the built-in Over-The-Air (OTA) update interface It is particularly suited for network setups using VLANs where IoT devices do not have internet connectivity Background Shelly devices periodically ping the Sh

所有收集类项目: 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/ 网络相关的

Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588)

ESP32/ESP8266 Wi-Fi Attacks This repository is part of a research outcome from the ASSET Research Group This repository demonstrates 3 Wi-Fi attacks against the popular ESP32/8266 IoT devices: Zero PMK Installation (CVE-2019-12587) - Hijacking ESP32/ESP8266 clients connected to enterprise networks; ESP32/ESP8266 EAP client crash (CVE-2019-12586) - Crashing ESP devices connec

NVD-CWE-noinfo https://github.com/espressif https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/https://github.com/Matheus-Garbelini/esp32_esp8266_attacks https://nvd.nist.gov https://github.com/84KaliPleXon3/esp32_esp8266_attacks https://github.com/ruimarinho/mota

CVE-2019-12586

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect