PT-2024-29980 · Espressif · Esp-Now
Published: 2024-09-12 · Updated: 2024-09-23 · CVE-2024-42483
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ESP-NOW versions prior to 2.5.2
Description
A replay attack vulnerability was discovered in the ESP-NOW component, which provides a connectionless Wi-Fi communication protocol. The issue arises because the cache is not differentiated by message type, making it a shared resource for all kinds of messages. This allows an attacker to clear the cache of its legitimate entries, creating an opportunity to re-inject previously captured packets.
Recommendations
For versions prior to 2.5.2, update to version 2.5.2 to resolve the issue. As a temporary workaround, consider implementing measures to restrict the re-injection of previously captured packets, such as enhancing cache management to differentiate between message types.
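A minimal model of the cache behaviour described above, added here as an illustration and not taken from Espressif's code: it compares one duplicate cache shared by all message types with one cache per type. The ring size, the type numbering, the frame identifiers and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4 /* constructed cache size; the real size is not stated on the page */
#define TYPES 3 /* hypothetical message types: 0 = data, 1 = control, 2 = other */

typedef struct { uint32_t id[SLOTS]; bool used[SLOTS]; int next; } ring_t;
typedef struct { ring_t shared; ring_t per_type[TYPES]; } dedup_t;

/* Record id and return true if it is new; return false if it is a duplicate. */
static bool ring_accept(ring_t *r, uint32_t id) {
    for (int i = 0; i < SLOTS; i++)
        if (r->used[i] && r->id[i] == id) return false;
    r->id[r->next] = id;              /* overwrite the oldest slot */
    r->used[r->next] = true;
    r->next = (r->next + 1) % SLOTS;
    return true;
}

/* Weak design: every message type lands in the same ring. */
bool accept_shared(dedup_t *d, int type, uint32_t id) {
    (void)type;
    return ring_accept(&d->shared, id);
}

/* Hardened design: each message type has its own ring. */
bool accept_per_type(dedup_t *d, int type, uint32_t id) {
    if (type < 0 || type >= TYPES) return false; /* unknown type: drop */
    return ring_accept(&d->per_type[type], id);
}

/* One data frame, then SLOTS frames of another type, then the same data
 * frame again. Returns whether the repeated frame was accepted. */
bool replay_accepted(bool (*accept)(dedup_t *, int, uint32_t)) {
    dedup_t d;
    memset(&d, 0, sizeof d);
    accept(&d, 0, 0xA1);                 /* constructed data frame id */
    for (uint32_t i = 0; i < SLOTS; i++) /* traffic of a different type */
        accept(&d, 1, 0x1000 + i);
    return accept(&d, 0, 0xA1);          /* same data frame seen again */
}

int main(void) {
    printf("shared cache:   replay accepted = %d\n", replay_accepted(accept_shared));
    printf("per-type cache: replay accepted = %d\n", replay_accepted(accept_per_type));
    return 0;
}
```

With the shared ring, the data frame's entry is overwritten by the other type's traffic and the repeated frame passes the duplicate check; with per-type rings it is still remembered and rejected.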
Exploit
Fix
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
Esp-Now