Denial of Service Vulnerability in Espressif ESP32 Products
CVE-2021-34173

7.5HIGH

Key Information:

Vendor
Espressif
Status
Esp32 Firmware
Vendor
CVE Published:
14 July 2021

Summary

A vulnerability exists in the Espressif ESP32 where a malformed beacon CSA frame can trigger a Denial of Service, causing the device to enter a kernel panic state. Affected devices running version 4.2 and earlier require a reboot to restore functionality, potentially disrupting operations and affecting user experience.

References

https://github.com/E7mer
x_refsource_MISC
https://github.com/E7mer/OWFuzz
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-34173 : Denial of Service Vulnerability in Espressif ESP32 Products | SecurityVulnerability.io