Encryption Bypass in Espressif ESP-IDF and ESP8266 SDKs
CVE-2020-12638

6.8MEDIUM

Key Information:

Vendor

Espressif

Status
Esp8266 Nonos Sdk
Esp8266 Rtos Sdk
Esp-idf
Vendor
CVE Published:
23 July 2020

What is CVE-2020-12638?

An encryption-bypass vulnerability has been identified in Espressif ESP-IDF and ESP8266 SDKs that impacts their ability to secure wireless communications. By broadcasting specially crafted beacon frames, an attacker can compel a device to shift its authentication mode to OPEN, thereby disabling standard 802.11 encryption. This essentially allows unauthorized access to the network, posing significant risks to data integrity and privacy for affected devices.

References

https://github.com/espressif/esp-idf
x_refsource_MISC
https://github.com/espressif/ESP8266_NONOS_SDK
x_refsource_MISC
https://github.com/espressif/ESP8266_RTOS_SDK
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.