CVE-2026-23279

A flaw was found in the Linux kernel's mac80211 component. A remote mesh peer with an established peer link can trigger a kernel NULL pointer dereference by sending a specially crafted Wi-Fi Wireless Fidelity management frame. This frame, a SPECTRUMMGMT/CHLSWITCH action frame, omits a required...

SUSE CVE-2026-23325

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996macwritetxwi80211 Check frame length before accessing the mgmt fields in mt7996macwritetxwi80211 in order to avoid a possible oob access...

CVE-2026-23315

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix possible oob access in mt76connac2macwritetxwi80211 Check frame length before accessing the mgmt fields in mt76connac2macwritetxwi80211 in order to avoid a possible oob access. fix check to also cover...

CVE-2026-23279

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in meshrxcsaframe In meshrxcsaframe, elems-meshchanswparamsie is dereferenced at lines 1638 and 1642 without a prior NULL check: ifmsh-chswttl = elems-meshchanswparamsie-meshttl;...

CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix possible oob access in mt76connac2macwritetxwi80211 Check frame length before accessing the mgmt fields in mt76connac2macwritetxwi80211 in order to avoid a possible oob access. fix check to also cover...

CVE-2026-26048

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...

CVE-2026-26048

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...

CVE-2026-26048 Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...

CVE-2026-26048 Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...

CVE-2026-26048

CVE-2026-26048 concerns the Jinan USR IOT Technology Limited (PUSR) USR-W610 router. The vulnerability is due to the absence of management frame protection, allowing forged de-authentication and disassociation frames to be broadcast without authentication or encryption, which can enable unauthori...

CVE-2026-23130

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dead lock while flushing management frames Commit 1 converted the management transmission work item into a wiphy work. Since a wiphy work can only run under wiphy lock protection, a race condition happens in bel...

CVE-2019-2268

Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098,...

CVE-2022-33306

Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs...

CVE-2025-47395

Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element...

CVE-2025-47395 Buffer Over-read in WLAN Firmware

Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element...

CVE-2025-47395 Buffer Over-read in WLAN Firmware

Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element...

CVE-2025-40321

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Action frame, the brcmfmac driver always uses the P2P vif to send the "actframe" IOVAR to firmware. Th...

CVE-2025-63363

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadca...

CVE-2025-63363

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadca...

CVE-2025-63363

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadca...