Skip to main content

Hostapd CVE-2014-3686

MEDIUM
Improper Input Validation (CWE-20)
2014-10-16 secalert@redhat.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 16, 2014 - 00:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

AnalysisAI

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. Affected products include: W1.Fi Hostapd, W1.Fi Wpa Supplicant, Canonical Ubuntu Linux, Debian Debian Linux. Version information: through 2.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-13082 HIGH POC
8.1 Oct 17

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PT

CVE-2019-9499 HIGH
8.1 Apr 17

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validati

CVE-2019-9498 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on

CVE-2019-9497 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element

CVE-2016-4476 HIGH
7.5 May 09

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase paramete

CVE-2020-12695 HIGH
7.5 Jun 08

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription r

CVE-2019-9496 HIGH
7.5 Apr 17

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps

CVE-2026-58374 HIGH
7.1 Jun 30

Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthe

CVE-2017-13084 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) du

CVE-2017-13077 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during

CVE-2017-13086 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) duri

CVE-2022-37660 MEDIUM
6.5 Feb 11

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. Rated medium severit

Share

CVE-2014-3686 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy