CVE-2017-9417
published 2017-06-04

CVE-2017-9417: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

Priority: P180
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 47.54% (98.7th percentile)

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| apple | airport_base_station_firmware_update | | |
| apple | apple_tv_software | | |
| apple | ios | | |
| apple | macos_sierra_10.12.6_security_update_2017-003_el_capitan_and_security_update_201 | | |
| apple | tvos | | |
| apple | watchos | | |
| apple | wi-fi_update_for_boot_camp | | |
| debian | firmware-nonfree | < firmware-nonfree 20180518-1 (bookworm) | firmware-nonfree 20180518-1 (bookworm) |
| google | android | | |
| msrc | windows_10_version_1607_for_32-bit_systems | | |

Detection & IOCs (extracted from sources)

URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44268.zip
  • Exploit targets Broadcom BCM43xx Wi-Fi chips over the air (no association required); monitor for anomalous 802.11 management/probe frames from nearby devices as a potential delivery vector.
  • The BroadPWN exploit payload causes arbitrary memory writes/reads on the BCM43xx chip, ultimately crashing the host device's main CPU kernel — unexpected kernel panics on Wi-Fi-enabled Apple/Android devices in proximity to untrusted RF environments should be investigated.
  • Reference the public PoC exploit (EDB-44268 / 44268.zip) for signature development; any download or execution of this archive on a network should be treated as a high-confidence indicator of exploitation activity.
  • The vulnerability is described with 'unspecified vectors' in the NVD entry; no packet-level protocol detail is publicly disclosed in these sources, limiting precise signature creation.
  • Exploitation occurs entirely on the Wi-Fi chip firmware layer; host-based EDR/AV will not observe the initial compromise stage — detection must rely on RF/wireless monitoring or post-exploitation kernel crash artifacts.
  • Additional technical detail is referenced at an external blog (http://boosterok.com/blog/broadpwn2/) not included in the provided sources; analysts should consult that resource for deeper protocol-level IOCs.

CVSS provenance

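| Source | CVSS version | Score | Severity | Vector |
|--------|--------------|-------|----------|--------|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_msrc | | 8.8 | HIGH | |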