CVE-2021-30004 |
AVG-1762 |
Medium |
Yes |
Signature forgery |
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. |
CVE-2020-12695 |
AVG-1322 |
Medium |
Yes |
Proxy injection |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a... |
CVE-2017-13088 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep... |
CVE-2017-13087 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. |
CVE-2017-13086 |
AVG-453 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. |
CVE-2017-13084 |
AVG-451 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake. |
CVE-2017-13082 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it. |
CVE-2017-13081 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the group key handshake. |
CVE-2017-13080 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the group key handshake. |
CVE-2017-13079 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the 4-way handshake. |
CVE-2017-13078 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the 4-way handshake. |
CVE-2017-13077 |
AVG-448 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. |
CVE-2016-4477 |
AVG-10 |
High |
No |
Privilege escalation |
The local configuration update through the control interface SET_NETWORK command could allow privilege escalation for the local user to run code from a... |
CVE-2016-4476 |
AVG-10 |
Low |
Yes |
Denial of service |
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter... |