PT-2020-13177 · Espressif · Esp8266 Nonos Sdk+2
Published
2020-07-23
·
Updated
2021-07-21
·
CVE-2020-12638
CVSS v3.1
6.8
Medium
| Vector | AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Espressif ESP-IDF versions through 4.2
ESP8266 NONOS SDK versions through 3.0.3
ESP8266 RTOS SDK versions through 3.3
Description
An encryption-bypass issue allows broadcasting of forged beacon frames to force a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.
Recommendations
For Espressif ESP-IDF versions through 4.2, update to a version that contains a fix for this issue.
For ESP8266 NONOS SDK versions through 3.0.3, update to a version that contains a fix for this issue.
For ESP8266 RTOS SDK versions through 3.3, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the device's authentication mode to prevent it from being changed to OPEN.
Exploit
Fix
Improper Authentication
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Esp-Idf
Esp8266 Nonos Sdk
Esp8266 Rtos Sdk