cbcvebase.

W1.Fi Hostapd vulnerabilities

41 known vulnerabilities affecting w1.fi/hostapd.

Total CVEs
41
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH9MEDIUM27LOW3

Vulnerabilities

Page 2 of 3
CVE-2017-13088P4MEDIUMCVSS 5.3v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13088 [MEDIUM] CWE-323 CVE-2017-13088: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Gr Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13087P4MEDIUMCVSS 5.3v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13087 [MEDIUM] CWE-330 CVE-2017-13087: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Tempor Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13078P4MEDIUMCVSS 5.3v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13078 [MEDIUM] CWE-323 CVE-2017-13078: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during t Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13080P4MEDIUMCVSS 5.3v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13080 [MEDIUM] CWE-323 CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during t Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
nvd
CVE-2017-13081P4MEDIUMCVSS 5.3v0.2.4v0.2.5+29 more2017-10-17
CVE-2017-13081 [MEDIUM] CWE-323 CVE-2017-13081: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integr Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
nvd
CVE-2019-16275P4MEDIUMCVSS 6.5≤ 2.92019-09-12
CVE-2019-16275 [MEDIUM] CWE-346 CVE-2019-16275: hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the
nvd
CVE-2026-58374P4MEDIUMCVSS 6.5fixed in 2.122026-06-30
CVE-2026-58374 [MEDIUM] CWE-193 CVE-2026-58374: In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operati In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ie
nvd
CVE-2012-4445P4MEDIUMCVSS 4.3v0.6.0v0.6.1+11 more2012-10-10
CVE-2012-4445 [MEDIUM] CWE-119 CVE-2012-4445: Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common. Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
nvd
CVE-2019-5061P4MEDIUMCVSS 6.5v2.62019-12-12
CVE-2019-5061 [MEDIUM] CWE-440 CVE-2019-5061: An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could tr An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking alr
nvd
CVE-2021-30004P4MEDIUMCVSS 5.3v2.92021-04-02
CVE-2021-30004 [MEDIUM] CWE-20 CVE-2021-30004: In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
nvd
CVE-2015-4141P4MEDIUMCVSS 4.3v0.7.0v0.7.1+9 more2015-06-15
CVE-2015-4141 [MEDIUM] CWE-119 CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external reg The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
nvd
CVE-2015-4143P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4143 [MEDIUM] CWE-119 CVE-2015-4143: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remo The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
nvd
CVE-2015-4144P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4144 [MEDIUM] CWE-119 CVE-2015-4144: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not va The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
nvd
CVE-2015-4145P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4145 [MEDIUM] CWE-399 CVE-2015-4145: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not va The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.
nvd
CVE-2015-4146P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4146 [MEDIUM] CVE-2015-4146: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L ( The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
nvd
CVE-2015-8041P4MEDIUMCVSS 5.0≤ 2.42015-11-09
CVE-2015-8041 [MEDIUM] CWE-189 CVE-2015-8041: Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
nvd
CVE-2015-4142P4MEDIUMCVSS 4.3v0.7.0v0.7.1+9 more2015-06-15
CVE-2015-4142 [MEDIUM] CWE-119 CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7 Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
nvd
CVE-2019-5062P4MEDIUMCVSS 6.5v2.62019-12-12
CVE-2019-5062 [MEDIUM] CWE-440 CVE-2019-5062: An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hos An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.
nvd
CVE-2019-9495P4LOWCVSS 3.7≤ 2.72019-04-17
CVE-2019-9495 [LOW] CWE-524 CVE-2019-9495: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache.
nvd
CVE-2025-24912P4LOWCVSS 3.7≤ 2.112025-03-12
CVE-2025-24912 [LOW] CWE-826 CVE-2025-24912: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices w hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
nvd
W1.Fi Hostapd vulnerabilities | cvebase