Vulnerabilities > CVE-2019-13581 - Out-of-bounds Write vulnerability in Marvell 88W8688 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

marvell

CWE-787

critical

NVD

Published: 2019-11-15

Updated: 2020-01-02

Summary

An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets.

Vulnerable Configurations

Part	Description	Count
OS	Marvell Marvell 88W8688 Firmware *	1
Hardware	Marvell Marvell 88W8688 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.marvell.com/documents/ioaj5dntk2ubykssa78s/
https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/