MEDIUM🇵🇱 Wersja polska

CVE-2019-5061

CVSS 6.5v3.1pub. 2019-12-12upd. 2024-11-21

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • W1.fi Hostapd

    APP
    W1.Fi
    2.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSAuth Bypass
CWE
References

Related vulnerabilities

CVE-2022-23304CRITICAL9.8ten sam produkt

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-ch...

CVE-2022-23303CRITICAL9.8ten sam produkt

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channe...

CVE-2020-12695HIGH7.5ten sam produkt

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subs...

CVE-2019-10064HIGH7.5ten sam produkt

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any...

CVE-2019-9497HIGH8.1ten sam produkt

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar an...