Replay Attack Vulnerability in ESP-NOW Communication Protocol by Espressif
CVE-2024-42483

6.5MEDIUM

Key Information:

Vendor
Espressif
Status
Esp-now
Vendor
CVE Published:
12 September 2024

Summary

A vulnerability exists in the ESP-NOW component of the Espressif communication protocol, which employs a shared cache for all message types. This design flaw allows attackers to execute replay attacks by clearing legitimate entries from the cache, thereby providing an opportunity to re-inject previously captured packets. This issue has been addressed in version 2.5.2.

References

https://github.com/espressif/esp-now/security/advisories/...
https://github.com/espressif/esp-now/commit/4e30db50d541b...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-42483 : Replay Attack Vulnerability in ESP-NOW Communication Protocol by Espressif | SecurityVulnerability.io