Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2020-12638

Published: 23/07/2020 Updated: 21/07/2021
CVSS v2 Base Score: 4.3 | Impact Score: 4.9 | Exploitability Score: 5.5
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 383
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

An encryption-bypass issue exists on Espressif ESP-IDF devices up to and including 4.2, ESP8266_NONOS_SDK devices up to and including 3.0.3, and ESP8266_RTOS_SDK devices up to and including 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

espressif esp-idf

espressif esp8266 nonos sdk

espressif esp8266 rtos sdk

References

CWE-287CWE-319https://github.com/espressif/ESP8266_RTOS_SDKhttps://github.com/espressif/ESP8266_NONOS_SDKhttps://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessorshttps://github.com/espressif/esp-idfhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572CVE-2024-24919CVE-2024-0230CVE-2024-32714HTML injectionlocal file inclusionCVE-2024-31098CVE-2024-31244privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook