Published: 20/01/2019 Updated: 24/08/2020

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 739

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote malicious users to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

Vulnerable Product	Search on Vulmon	Subscribe to Product
marvell 88w8787_firmware -
marvell 88w8797_firmware -
marvell 88w8801_firmware -
marvell 88w8897_firmware -
marvell 88w8997_firmware -

CWE-787 https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/http://www.securityfocus.com/bid/106865 https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement https://www.kb.cert.org/vuls/id/730261/https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf https://www.synology.com/security/advisory/Synology_SA_19_07 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/730261

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-6496

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect