14 matches found
CVE-2025-20674
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303...
CVE-2025-20674
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303...
CVE-2025-20674
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303...
CVE-2025-20674
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303...
PT-2025-23450 · Mediatek +2 · Mt6890 +16
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A missing permission check in the wlan AP driver allows for the injection of arbitrary packets, potentially leading to remote escalation of privilege without requiring additional execution...
OpenBSD Input Validation Error Vulnerability
OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD Openbsd project team. A security vulnerability exists in OpenBSD version 6.6. An attacker can inject arbitrary network packets independent of the network configuration...
UBUNTU-CVE-2020-26144
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 i.e., LLC/SNAP header for EAPOL. An adversary can abuse this to inject arbitrary network packets...
Cisco IOS XE SD-WAN Software Packet Filtering Bypass (cisco-sa-cedge-filt-bypass-Y6wZMqm4)
According to its self-reported version, Cisco SD-WAN Solution is affected by a packet filtering bypass vulnerability. The vulnerability is due to improper traffic filtering conditions on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by crafting a malicio...
CVE-2020-3444
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...
CVE-2020-3444 Cisco SD-WAN Software Packet Filtering Bypass Vulnerability
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...
WPA2 Protocol Vulnerabilities - Lenovo Support US
No description provided...
CVE-2017-2895
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker...
Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse
Overview Wi-Fi Protected Access WPA, more commonly WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point AP or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to...
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
Overview There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. Description Preconditions: Attacker has a fragment of plaintext and its corresponding ciphertext. Attacker must be able to actively...