Vulnerabilities > Espressif

DATE CVE VULNERABILITY TITLE RISK
2020-08-31 CVE-2020-13594 Improper Input Validation vulnerability in Espressif Esp-Idf
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
low complexity
espressif CWE-20
3.3
2020-07-23 CVE-2020-12638 Improper Authentication vulnerability in Espressif Esp-Idf
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3.
4.3
2019-11-14 CVE-2019-17391 Improper Handling of Exceptional Conditions vulnerability in Espressif products
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2.
local
low complexity
espressif CWE-755
2.1
2019-10-07 CVE-2019-15894 Improper Handling of Exceptional Conditions vulnerability in Espressif Esp-Idf
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1.
local
low complexity
espressif CWE-755
7.2
2019-09-04 CVE-2019-12586 Unspecified vulnerability in Espressif Arduino-Esp32, Esp-Idf and Esp8266 Nonos SDK
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
low complexity
espressif
3.3
2019-09-04 CVE-2019-12588 Improper Input Validation vulnerability in Espressif Arduino Esp8266 and Esp8266 Nonos SDK
The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
low complexity
espressif CWE-20
3.3
2019-09-04 CVE-2019-12587 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Espressif Esp-Idf and Esp8266 Nonos SDK
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.
low complexity
espressif CWE-327
4.8
2019-05-13 CVE-2018-18558 Improper Input Validation vulnerability in Espressif Esp-Idf
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1.
high complexity
espressif CWE-20
6.4