7.5

CVE-2026-45255

Remote code execution via installer Wi-Fi access point scans

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network.  This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell.  As a result, a suitably crafted network name can be used to execute commands via a subshell.

The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig.  The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan.  Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version14.3 Update-
FreebsdFreebsd Version14.3 Updatep1
FreebsdFreebsd Version14.3 Updatep10
FreebsdFreebsd Version14.3 Updatep11
FreebsdFreebsd Version14.3 Updatep12
FreebsdFreebsd Version14.3 Updatep13
FreebsdFreebsd Version14.3 Updatep2
FreebsdFreebsd Version14.3 Updatep3
FreebsdFreebsd Version14.3 Updatep4
FreebsdFreebsd Version14.3 Updatep5
FreebsdFreebsd Version14.3 Updatep6
FreebsdFreebsd Version14.3 Updatep7
FreebsdFreebsd Version14.3 Updatep8
FreebsdFreebsd Version14.3 Updatep9
FreebsdFreebsd Version14.4 Update-
FreebsdFreebsd Version14.4 Updatep1
FreebsdFreebsd Version14.4 Updatep2
FreebsdFreebsd Version14.4 Updatep3
FreebsdFreebsd Version14.4 Updatep4
FreebsdFreebsd Version14.4 Updaterc1
FreebsdFreebsd Version15.0 Update-
FreebsdFreebsd Version15.0 Updatep1
FreebsdFreebsd Version15.0 Updatep2
FreebsdFreebsd Version15.0 Updatep3
FreebsdFreebsd Version15.0 Updatep4
FreebsdFreebsd Version15.0 Updatep5
FreebsdFreebsd Version15.0 Updatep6
FreebsdFreebsd Version15.0 Updatep7
FreebsdFreebsd Version15.0 Updatep8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.219
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://security.freebsd.org/advisories/FreeBSD-SA-26:23.bsdinstall.asc
Vendor Advisory