PT-2019-6324 · Linux+2 · Hostapd+2

Mitchell Frank · Published 2018-12-18 · Updated 2022-06-17 · CVE-2019-5061

CVSS v3.1: 7.4 High

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: hostapd version 2.6

Description: A denial-of-service issue exists where an attacker could trigger an access point to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, such as CAM table attacks, or traffic flapping when the attacker fakes clients that already exist on other nearby access points of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this issue.

Recommendations: For hostapd version 2.6, consider disabling the authentication process temporarily until a patch is available to prevent exploitation. Restrict access to nearby access points to minimize the risk of traffic flapping. Avoid using forged Authentication and Association Request packets in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2871
BDU:2023-01659
CVE-2019-5061

Affected Products

Alt Linux
Astra Linux
Hostapd