MEDIUM🇬🇧 English

CVE-2019-5061

CVSS 6.5v3.1pub. 2019-12-12upd. 2024-11-21

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • W1.fi Hostapd

    APP
    W1.Fi
    2.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoSAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-23304CRITICAL9.8ten sam produkt

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-ch...

CVE-2022-23303CRITICAL9.8ten sam produkt

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channe...

CVE-2020-12695HIGH7.5ten sam produkt

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subs...

CVE-2019-10064HIGH7.5ten sam produkt

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any...

CVE-2019-9497HIGH8.1ten sam produkt

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar an...