Vulnerabilities > W1 FI

DATE CVE VULNERABILITY TITLE RISK
2019-09-12 CVE-2019-16275 Origin Validation Error vulnerability in multiple products
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled.
low complexity
w1-fi debian canonical CWE-346
6.5
2019-08-15 CVE-2019-13377 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used.
network
high complexity
w1-fi fedoraproject canonical debian CWE-203
5.9
2019-04-26 CVE-2019-11555 NULL Pointer Dereference vulnerability in W1.Fi Hostapd and WPA Supplicant
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received.
network
high complexity
w1-fi CWE-476
5.9
2019-04-17 CVE-2019-9499 Improper Authentication vulnerability in multiple products
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
8.1
2019-04-17 CVE-2019-9498 Improper Authentication vulnerability in multiple products
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
8.1
2019-04-17 CVE-2019-9497 Improper Authentication vulnerability in multiple products
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit.
network
high complexity
w1-fi fedoraproject CWE-287
8.1
2019-04-17 CVE-2019-9496 Improper Authentication vulnerability in multiple products
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode.
network
low complexity
w1-fi fedoraproject CWE-287
7.5
2019-04-17 CVE-2019-9495 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns.
3.7
2019-04-17 CVE-2019-9494 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.
5.9
2019-03-23 CVE-2016-10743 Insufficient Entropy in PRNG vulnerability in W1.Fi Hostapd
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
network
low complexity
w1-fi CWE-332
7.5