LOW🇬🇧 English

CVE-2025-24912

CVSS 3.7v3.0pub. 2025-03-12upd. 2025-10-24

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  • W1.fi Hostapd

    APP
    W1.Fi
    ≤ 2.11
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-23304CRITICAL9.8ten sam produkt

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-ch...

CVE-2022-23303CRITICAL9.8ten sam produkt

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channe...

CVE-2020-12695HIGH7.5ten sam produkt

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subs...

CVE-2019-10064HIGH7.5ten sam produkt

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any...

CVE-2019-9497HIGH8.1ten sam produkt

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar an...