Vulnerabilities > W1 FI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-17 | CVE-2022-23303 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. | 6.8 |
| 2022-01-17 | CVE-2022-23304 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. | 6.8 |
| 2021-04-02 | CVE-2021-30004 | Improper Input Validation vulnerability in W1.Fi Hostapd and WPA Supplicant In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | 5.0 |
| 2021-02-26 | CVE-2021-27803 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. | 5.4 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.8 |
| 2020-02-28 | CVE-2019-10064 | Insufficient Entropy vulnerability in multiple products hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. | 5.0 |
| 2019-12-12 | CVE-2019-5062 | Origin Validation Error vulnerability in W1.Fi Hostapd 2.6 An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. | 3.3 |
| 2019-12-12 | CVE-2019-5061 | Improper Authentication vulnerability in W1.Fi Hostapd 2.6 An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. | 3.3 |
| 2019-09-12 | CVE-2019-16275 | Origin Validation Error vulnerability in multiple products hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. | 3.3 |
| 2019-08-15 | CVE-2019-13377 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. | 4.3 |