Vulnerabilities > W1 FI

DATE CVE VULNERABILITY TITLE RISK
2024-08-07 CVE-2024-5290 Uncontrolled Search Path Element vulnerability in W1.Fi WPA Supplicant
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
local
low complexity
w1-fi CWE-427
7.8
2024-02-22 CVE-2023-52160 Improper Authentication vulnerability in multiple products
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass.
network
low complexity
debian redhat fedoraproject w1-fi CWE-287
6.5
2022-01-17 CVE-2022-23303 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
9.8
2022-01-17 CVE-2022-23304 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
9.8
2021-04-02 CVE-2021-30004 Improper Input Validation vulnerability in W1.Fi Hostapd and WPA Supplicant
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
network
low complexity
w1-fi CWE-20
5.3
2021-02-26 CVE-2021-27803 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
high complexity
w1-fi fedoraproject debian
7.5
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-02-28 CVE-2019-10064 Insufficient Entropy vulnerability in multiple products
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values.
network
low complexity
w1-fi debian CWE-331
7.5
2019-12-12 CVE-2019-5062 Origin Validation Error vulnerability in W1.Fi Hostapd 2.6
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions.
low complexity
w1-fi CWE-346
6.5
2019-12-12 CVE-2019-5061 Improper Authentication vulnerability in W1.Fi Hostapd 2.6
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed.
low complexity
w1-fi CWE-287
6.5