Vulnerabilites related to espressif - arduino-esp32
CVE-2025-53540 (GCVE-0-2025-53540)
Vulnerability from cvelistv5
Published
2025-07-07 19:26
Modified
2025-07-07 20:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| espressif | arduino-esp32 |
Version: < 3.2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53540",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T20:52:52.145150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T20:53:06.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arduino-esp32",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T19:26:12.503Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-9vfw-wx65-c872",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-9vfw-wx65-c872"
},
{
"name": "https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e"
}
],
"source": {
"advisory": "GHSA-9vfw-wx65-c872",
"discovery": "UNKNOWN"
},
"title": "CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53540",
"datePublished": "2025-07-07T19:26:12.503Z",
"dateReserved": "2025-07-02T15:15:11.515Z",
"dateUpdated": "2025-07-07T20:53:06.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53007 (GCVE-0-2025-53007)
Vulnerability from cvelistv5
Published
2025-06-26 14:45
Modified
2025-06-27 16:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Summary
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The `sendHeader` function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoing HTTP response headers. There is no validation or sanitization of the `name` or `value` parameters before they are included in the HTTP response. If an attacker can control the input to `sendHeader` (either directly or indirectly), they could inject carriage return (`\r`) or line feed (`\n`) characters into either the header name or value. This could allow the attacker to inject additional headers, manipulate the structure of the HTTP response, potentially inject an entire new HTTP response (HTTP Response Splitting), and/or ause header confusion or other HTTP protocol attacks. Versions 3.3.0-RC1 and 3.2.1 contain a fix for the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| espressif | arduino-esp32 |
Version: < 3.2.1 Version: >= 3.3.0-alpha1, < 3.3.0-RC1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T16:02:17.500617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T16:09:37.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arduino-esp32",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.1"
},
{
"status": "affected",
"version": "\u003e= 3.3.0-alpha1, \u003c 3.3.0-RC1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The `sendHeader` function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoing HTTP response headers. There is no validation or sanitization of the `name` or `value` parameters before they are included in the HTTP response. If an attacker can control the input to `sendHeader` (either directly or indirectly), they could inject carriage return (`\\r`) or line feed (`\\n`) characters into either the header name or value. This could allow the attacker to inject additional headers, manipulate the structure of the HTTP response, potentially inject an entire new HTTP response (HTTP Response Splitting), and/or ause header confusion or other HTTP protocol attacks. Versions 3.3.0-RC1 and 3.2.1 contain a fix for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T14:45:40.839Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-5476-9jjq-563m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-5476-9jjq-563m"
},
{
"name": "https://github.com/espressif/arduino-esp32/commit/21640ac82a1bb5efa8cf0b3841be1ac80add6785",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/commit/21640ac82a1bb5efa8cf0b3841be1ac80add6785"
},
{
"name": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L504-L521",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L504-L521"
},
{
"name": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L577-L582",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L577-L582"
}
],
"source": {
"advisory": "GHSA-5476-9jjq-563m",
"discovery": "UNKNOWN"
},
"title": "arduino-esp32 vulnerable to CRLF injection in WebServer.cpp"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53007",
"datePublished": "2025-06-26T14:45:40.839Z",
"dateReserved": "2025-06-24T03:50:36.795Z",
"dateUpdated": "2025-06-27T16:09:37.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12586 (GCVE-0-2019-12586)
Vulnerability from cvelistv5
Published
2019-09-04 20:00
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/espressif"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T20:00:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/espressif",
"refsource": "MISC",
"url": "https://github.com/espressif"
},
{
"name": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks",
"refsource": "MISC",
"url": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks"
},
{
"name": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/",
"refsource": "MISC",
"url": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12586",
"datePublished": "2019-09-04T20:00:45",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45798 (GCVE-0-2024-45798)
Vulnerability from cvelistv5
Published
2024-09-17 18:08
Modified
2024-09-18 13:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| espressif | arduino-esp32 |
Version: Commits prior to a7cec020df8f1a815bd8dfd2559f51a2216bcf1c |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:arduino:arduino_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arduino_core",
"vendor": "arduino",
"versions": [
{
"status": "affected",
"version": "esp32"
},
{
"status": "affected",
"version": "esp32-s2"
},
{
"status": "affected",
"version": "esp32-s3"
},
{
"status": "affected",
"version": "esp32-c3"
},
{
"status": "affected",
"version": "esp32-c6"
},
{
"status": "affected",
"version": "esp32-h2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:21:10.706711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:29:01.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arduino-esp32",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "Commits prior to a7cec020df8f1a815bd8dfd2559f51a2216bcf1c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T18:08:57.112Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8"
},
{
"name": "https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection",
"tags": [
"x_refsource_MISC"
],
"url": "https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection"
},
{
"name": "https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml"
},
{
"name": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests"
},
{
"name": "https://securitylab.github.com/research/github-actions-untrusted-input",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/research/github-actions-untrusted-input"
}
],
"source": {
"advisory": "GHSA-h52q-xhg2-6jw8",
"discovery": "UNKNOWN"
},
"title": "Multiple Poisoned Pipeline Execution (PPE) vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45798",
"datePublished": "2024-09-17T18:08:57.112Z",
"dateReserved": "2024-09-09T14:23:07.503Z",
"dateUpdated": "2024-09-18T13:29:01.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-09-04 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Matheus-Garbelini/esp32_esp8266_attacks | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/espressif | Third Party Advisory | |
| cve@mitre.org | https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/ | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Matheus-Garbelini/esp32_esp8266_attacks | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/espressif | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/ | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| espressif | arduino-esp32 | * | |
| espressif | arduino-esp32 | 1.0.3 | |
| espressif | arduino-esp32 | 1.0.3 | |
| espressif | arduino-esp32 | 1.0.3 | |
| espressif | esp-idf | * | |
| espressif | esp8266_nonos_sdk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:espressif:arduino-esp32:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE8CB7D3-9F85-46C6-BBB9-592919977335",
"versionEndIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:espressif:arduino-esp32:1.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "18EBC74F-E07E-45AB-A741-6D72CE182838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:espressif:arduino-esp32:1.0.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AEF26B7B-EE51-486E-B32B-10FDACF8B9F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:espressif:arduino-esp32:1.0.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1CB45124-5482-4A49-ABA2-E3AFE94421EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "606F8C7D-BBF1-4ABE-89AD-7D86BA56F1C9",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:espressif:esp8266_nonos_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "742F7BCB-7B5C-498E-A255-D9392E2BFA93",
"versionEndIncluding": "3.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de peer EAP en Espressif ESP-IDF versiones 2.0.0 hasta 4.0.0 y ESP8266_NONOS_SDK versiones 2.2.0 hasta 3.1.0, procesa los mensajes EAP Success antes de cualquier completaci\u00f3n o fallo del m\u00e9todo EAP, lo que permite a los atacantes en un radio de alcance causar una denegaci\u00f3n de servicio (bloqueo) por medio de un mensaje dise\u00f1ado."
}
],
"id": "CVE-2019-12586",
"lastModified": "2024-11-21T04:23:08.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-04T20:15:10.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/espressif"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Matheus-Garbelini/esp32_esp8266_attacks"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/espressif"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}