Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 8:4 a.m.6 views

CVE-2026-53182

A flaw was found in the Linux kernel's nl80211 Wi-Fi subsystem. The nl80211parsernrelems function, responsible for parsing EMA RNR Enhanced Multiple Access Reduced Neighbor Report lists, does not properly handle an excessive number of nested NL80211ATTREMARNRELEMS inputs. This improper input...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2025/12/11 12:0 a.m.161 views

📄 Broadcom Wi-Fi Firmware Out-Of-Bounds Write

Broadcom Wi-Fi firmware remote code execution exploit via an out-of-bounds write in the RRM Neighbor Report Handler. ============================================================================================================================================= | Title : Broadcom 802.11k Remote Code...

10CVSS8.5AI score0.09129EPSS
Exploits3
NVD
NVD
added 2025/11/04 7:15 a.m.7 views

CVE-2025-20731

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege when OceReducedNeighborReport is disabled. User interaction is not needed for exploitation...

5.3CVSS0.00113EPSS
Exploits0References1
OSV
OSV
added 2025/11/04 7:15 a.m.4 views

CVE-2025-20732

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege when OceReducedNeighborReport is disabled. User interaction is not needed for exploitation...

5.3CVSS5.8AI score0.00113EPSS
Exploits0References1
CVE
CVE
added 2025/11/04 6:20 a.m.11 views

CVE-2025-20732

The CVE-2025-20732 entry describes a local privilege-escalation flaw in the wlan AP driver (Linksys Wireless Network Controller Driver) caused by an incorrect bounds check that enables an out-of-bounds write. Impact is local, with no user interaction required, and exploitation is not detailed in ...

5.3CVSS6.3AI score0.00113EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.8 views

PT-2025-44970

Name of the Vulnerable Software and Affected Versions Cisco Wireless Lan AP Driver affected versions not specified Description The wlan AP driver contains a flaw where an incorrect bounds check can lead to an out-of-bounds write. Successful exploitation of this issue could allow a malicious actor...

5.3CVSS6.4AI score0.00113EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 2:35 a.m.7 views

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report...

7.5CVSS7AI score0.0028EPSS
Exploits0References1
NVD
NVD
added 2024/08/05 3:15 p.m.19 views

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report...

7.5CVSS0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/05 2:21 p.m.21 views

CVE-2024-33015 Buffer Over-read in WLAN Host

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report...

7.5CVSS0.0028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/05 2:21 p.m.16 views

CVE-2024-33015 Buffer Over-read in WLAN Host

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report...

7.5CVSS7AI score0.0028EPSS
Exploits0References1
CVE
CVE
added 2024/08/05 2:21 p.m.87 views

CVE-2024-33015

CVE-2024-33015 describes a transient DoS in the WLAN host stack during parsing of a SCAN RNR Information Element. Root cause: when bytes from the AP cause the size of the last IE parameter to be smaller than the neighboring report, a DoS can occur. Documented references indicate this affects Qual...

7.5CVSS7.6AI score0.0028EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.6 views

PT-2024-25061 · Qualcomm · Snapdragon +181

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service DOS that occurs while parsing SCAN RNR IE. This happens when the size of the last parameter of IE ...

7.5CVSS6.5AI score0.0028EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.4 views

SUSE CVE-2017-11120

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204...

10CVSS9.7AI score0.09129EPSS
Exploits3References4
OSV
OSV
added 2019/05/08 5:29 p.m.2 views

CVE-2019-2053

In wnmparseneighborreportelem of wnmsta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0...

5.5CVSS6.5AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2019/05/08 5:29 p.m.2 views

UBUNTU-CVE-2019-2053

In wnmparseneighborreportelem of wnmsta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0...

5.5CVSS7.4AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2017/09/28 1:29 a.m.4 views

CVE-2017-11120

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204...

9.8CVSS7.6AI score0.09129EPSS
Exploits3References11
Prion
Prion
added 2017/09/28 1:29 a.m.25 views

Buffer overflow

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204...

10CVSS9.5AI score0.09129EPSS
Exploits3References11Affected Software3
0day.today
0day.today
added 2017/09/28 12:0 a.m.39 views

iPhone 7 and Samsung Galaxy S7 Wi-Fi Chip Hack Vulnerability

Exploit for hardware platform in category remote exploits Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to t...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2017/09/27 5:0 p.m.29 views

CVE-2017-11120

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204...

9.7AI score0.09129EPSS
Exploits3References11
Exploit DB
Exploit DB
added 2017/09/25 12:0 a.m.54 views

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 14C92, but should work on all versions of iOS up to 10.3.3 included. However...

7.4AI score
Exploits0
Rows per page
Query Builder