Remote Command Execution Vulnerability in wpa_supplicant and hostapd by The Linux Foundation
CVE-2014-3686

Currently unrated

Key Information:

Vendor: W1.fi
Status: Hostapd; WPa Supplicant; Debian Linux; Ubuntu Linux
Vendor: CVE Published:; 16 October 2014

What is CVE-2014-3686?

A vulnerability in wpa_supplicant and hostapd allows attackers to exploit specific configurations when using action scripts with wpa_cli or hostapd_cli. An attacker can craft a malicious frame that, when processed, executes arbitrary commands on the system, leading to potential unauthorized access and compromise. This issue affects versions 0.7.2 through 2.2 and poses significant risks if proper security configurations are not implemented.

References

http://secunia.com/advisories/60366

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2014/dsa-3052

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-updates/2014-10/msg000...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2014
Vulnerability Reserved
May 14, 2014

CVE-2014-3686 Data

JSON

W1.fi

What is CVE-2014-3686?

References

Timeline