RSS   Vulnerabilities for 'Esp8266 nonos sdk'   RSS

2020-07-23
 
CVE-2020-12638

CWE-287
 

 
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.

 
2019-09-04
 
CVE-2019-12588

CWE-20
 

 
The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

 
 
CVE-2019-12587

CWE-20
 

 
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.

 

 >>> Vendor: Espressif 5 Products
Arduino-esp32
Esp-idf
Arduino esp8266
Esp8266 nonos sdk
Esp8266 rtos sdk


Copyright 2024, cxsecurity.com

 

Back to Top