8.8

CVE-2019-6496

Medienbericht
Exploit

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Marvell88w8787 Firmware Version-
   Marvell88w8787 Version-
Marvell88w8797 Firmware Version-
   Marvell88w8797 Version-
Marvell88w8801 Firmware Version-
   Marvell88w8801 Version-
Marvell88w8897 Firmware Version-
   Marvell88w8897 Version-
Marvell88w8997 Firmware Version-
   Marvell88w8997 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.35% 0.861
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.3 6.5 10
AV:A/AC:L/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/106865
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/730261/
Third Party Advisory
US Government Resource