43 matches found
CVE-2024-21459 Buffer Over-read in WLAN HOST
Information disclosure while handling beacon or probe response frame in STA...
CVE-2023-33061
CVE-2023-33061 describes a transient Denial of Service in the WLAN firmware when parsing WLAN beacon or probe-response frames. The vulnerability is associated with Qualcomm chipsets’ WLAN firmware (closed‑source components). The CVE is listed with a base score of 7.5 (High) on the CVSSv3.1 scale,...
CVE-2023-21661
Transient DOS while parsing WLAN beacon or probe-response frame...
CVE-2022-40514
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame...
Qualcomm 芯片缓冲区错误漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and is often manufactured on the surface of semiconductor wafers. A security vulnerability exists in the WLAN module of the Qualcomm chip that...
CVE-2022-40514 Buffer copy without checking size of input in WLAN Firmware
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame...
CVE-2022-40514
CVE-2022-40514 concerns memory corruption in WLAN firmware when processing the CCKM IE in a reassoc response frame, caused by a buffer copy that does not validate input size. The vulnerability is associated with Qualcomm’s WLAN firmware; CVSS v3.1 base score is PRACTICALLY high: 9.8 (Network atta...
Buffer overflow
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame...
openSUSE Security Update : hostapd (openSUSE-2017-1201) (KRACK)
This update for hostapd fixes the following issues : - Fix KRACK attacks on the AP side boo1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088 : Hostap was updated to upstream release 2.6 - fixed EAP-pwd last fragment validation...
Authentication flaw
Wi-Fi Protected Access WPA and WPA2 that support 802.11v allows reinstallation of the Group Temporal Key GTK when processing a Wireless Network Management WNM Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients...
CVE-2014-0997
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle...
CVE-2017-6957
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE 156...
CVE-2017-6957
CVE-2017-6957 is a stack-based buffer overflow in Broadcom Wi‑Fi HardMAC SoC firmware (notably BCM4339) when handling Cisco CCKM Fast and Secure Roaming. In affected firmware, the reassociation response frame containing Cisco IE 156 is parsed and a length field derived from IE[20]:IE[21] can over...
Android WiFi-Direct Denial Of Service
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Android WiFi-Direct Denial of Service 1. Advisory Information Title: Android WiFi-Direct Denial of Service Advisory ID: CORE-2015-0002 Advisory URL: http://www.coresecurity.com/advisories/android-wifi-direct-denial-service Date...
Intel Centrino ipw2200BG - Wireless Driver Remote Buffer Overflow (Metasploit)
Intel Centrino ipw2200BG - Wireless Driver Remote Buffer Overflow Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow
NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow source: https://www.securityfocus.com/bid/21251/info NetGear WG311v1 Wireless devices are prone to a heap-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it...
CVE-2006-5882
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field...
CVE-2006-5882
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field...
CVE-2006-5710
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element IE fields after the header, which...
CVE-2006-5710
CVE-2006-5710 affects Apple AirPort drivers in Darwin kernel 8.8.0 on Mac OS X 10.4.8 (and possibly related versions) via a heap-based overflow triggered by crafted 802.11 probe response frames lacking proper information elements after the header. The CERT/NVD description states a remote attacker...