cbcvebase.

W1.Fi Hostapd vulnerabilities

41 known vulnerabilities affecting w1.fi/hostapd.

Total CVEs
41
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH9MEDIUM27LOW3

Vulnerabilities

Page 1 of 3
CVE-2019-9497P3HIGHCVSS 8.1≤ 2.4≥ 2.5, ≤ 2.72019-04-17
CVE-2019-9497 [HIGH] CWE-301 CVE-2019-9497: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker
nvd
CVE-2022-23303P3CRITICALCVSS 9.8fixed in 2.102022-01-17
CVE-2022-23303 [CRITICAL] CVE-2022-23303: The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to s The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
nvd
CVE-2020-12695P3HIGHCVSS 7.5fixed in 2.0.02020-06-08
CVE-2020-12695 [HIGH] CWE-276 CVE-2020-12695: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
nvd
CVE-2022-23304P3CRITICALCVSS 9.8fixed in 2.102022-01-17
CVE-2022-23304 [CRITICAL] CVE-2022-23304: The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
nvd
CVE-2019-9499P3HIGHCVSS 8.1≤ 2.4≥ 2.5, ≤ 2.72019-04-17
CVE-2019-9499 [HIGH] CWE-346 CVE-2019-9499: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missi The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supp
nvd
CVE-2019-9498P3HIGHCVSS 8.1≤ 2.4≥ 2.5, ≤ 2.72019-04-17
CVE-2019-9498 [HIGH] CWE-346 CVE-2019-9498: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing ex The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or lea
nvd
CVE-2014-3686P3MEDIUMCVSS 6.8v0.7.2v1.0+4 more2014-10-16
CVE-2014-3686 [MEDIUM] CWE-20 CVE-2014-3686: wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
nvd
CVE-2017-13082P3HIGHCVSS 8.1v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13082 [HIGH] CWE-323 CVE-2017-13082: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwi Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
nvd
CVE-2019-9496P3HIGHCVSS 7.5≤ 2.72019-04-17
CVE-2019-9496 [HIGH] CWE-642 CVE-2019-9496: An invalid authentication sequence could result in the hostapd process terminating due to missing st An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with
nvd
CVE-2019-10064P3HIGHCVSS 7.5fixed in 2.62020-02-28
CVE-2019-10064 [HIGH] CVE-2019-10064: hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions w hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
nvd
CVE-2016-10743P3HIGHCVSS 7.5fixed in 2.62019-03-23
CVE-2016-10743 [HIGH] CWE-332 CVE-2016-10743: hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() fu hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
nvd
CVE-2022-37660P3MEDIUMCVSS 6.5≤ 2.102025-02-11
CVE-2022-37660 [MEDIUM] CWE-323 CVE-2022-37660: In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the capture
nvd
CVE-2016-4476P3HIGHCVSS 7.5≥ 0.6.7, ≤ 2.52016-05-09
CVE-2016-4476 [HIGH] CWE-20 CVE-2016-4476: hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
nvd
CVE-2019-9494P3MEDIUMCVSS 5.9≤ 2.72019-04-17
CVE-2019-9494 [MEDIUM] CWE-208 CVE-2019-9494: The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE supp
nvd
CVE-2017-13077P4MEDIUMCVSS 6.8v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13077 [MEDIUM] CWE-330 CVE-2017-13077: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temp Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
nvd
CVE-2017-13086P4MEDIUMCVSS 6.8v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13086 [MEDIUM] CWE-323 CVE-2017-13086: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
nvd
CVE-2019-13377P4MEDIUMCVSS 5.9≥ 2.0, ≤ 2.82019-08-15
CVE-2019-13377 [MEDIUM] CWE-203 CVE-2019-13377: The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
nvd
CVE-2017-13084P4MEDIUMCVSS 6.8v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13084 [MEDIUM] CWE-323 CVE-2017-13084: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Tr Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
nvd
CVE-2019-11555P4MEDIUMCVSS 5.9fixed in 2.82019-04-26
CVE-2019-11555 [MEDIUM] CWE-476 CVE-2019-11555: The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2 The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_
nvd
CVE-2017-13079P4MEDIUMCVSS 5.3v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13079 [MEDIUM] CWE-323 CVE-2017-13079: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integr Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
nvd
W1.Fi Hostapd vulnerabilities | cvebase