Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
AnalysisAI
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. Affected products include: Hp Instantos.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthe
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated R
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated R
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthent
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that coul
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenti
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenti
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code e
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code e
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated rem
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today