Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Esp8266_nonos_sdk
(Espressif)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-23 | CVE-2020-12638 | An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. | Esp8266_nonos_sdk, Esp8266_rtos_sdk, Esp\-Idf | 6.8 | ||
| 2019-09-04 | CVE-2019-12588 | The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | Arduino_esp8266, Esp8266_nonos_sdk | N/A | ||
| 2019-09-04 | CVE-2019-12587 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. | Esp8266_nonos_sdk, Esp\-Idf | 8.1 | ||
| 2019-09-04 | CVE-2019-12586 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | Arduino\-Esp32, Esp8266_nonos_sdk, Esp\-Idf | 6.5 |