{"vulnerability": "CVE-2021-4178", "sightings": [{"uuid": "c89e1a9d-0076-4cef-b954-9f9651f47d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4178", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzggt22m", "content": "", "creation_timestamp": "2025-08-19T21:02:24.238642Z"}, {"uuid": "e9e16253-ab56-43cb-bd68-fab8cba22338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41788", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2706", "content": "STEP2: Pick the attack module you wish      1) Frames detected at the moment of connectivity disruption, one-by-one\n    2) Sequence of frames till the moment a disruption was detected (BETA)\n  STEP3: The first mode of DoS802.11, tests all the frames that the fuzzer detected up to that moment. It is a second hand filtering to separate the true positive from the false positive frames. In case  a frame is positive, i.e., causes a DoS to the associated STA, an exploit is being produced automatically.\n  STEP4: DoS802.11 exits when the log files have been considered.  **The rest to modules are currently in BETA mode.  Vulnerabilities  So far, the fuzzer managed to identify the following CVE IDs, by exploiting different Management frames:      CVE IDs  Vulnerable Devices/Chipsets  WPA2/WPA3-SAE  Status  Score      CVE-2022-32654 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32654)  mt5221/mt7603/mt7613\nmt7615/mt7622/mt7628\nmt7629/mt7663/mt7668\nmt7682/mt7686/mt7687\nmt7697/mt7902/mt7915\nmt7916/mt7921/mt7933\nmt7981/mt7986/mt8167S\nmt8175/mt8362A/mt8365\nmt8385/mt8518S/mt8532\nmt8695/mt8696/mt8788  Both  Published  6.7 (Medium)      CVE-2022-32655 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32655)  mt5221/mt7603/mt7613\nmt7615/mt7622/mt7628\nmt7629/mt7663/mt7668\nmt7682/mt7686/mt7687\nmt7697/mt7902/mt7915\nmt7916/mt7921/mt7933\nmt7981/mt7986/mt8167S\nmt8175/mt8362A/mt8365\nmt8385/mt8518S/mt8532\nmt8695/mt8696/mt8788  Both  Published  6.7 (Medium)      CVE-2022-32656 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32656)  mt5221/mt7603/mt7613\nmt7615/mt7622/mt7628\nmt7629/mt7663/mt7668\nmt7682/mt7686/mt7687\nmt7697/mt7902/mt7915\nmt7916/mt7921/mt7933\nmt7981/mt7986/mt8167S\nmt8175/mt8362A/mt8365\nmt8385/mt8518S/mt8532\nmt8695/mt8696/mt8788  Both  Published  6.7 (Medium)      CVE-2022-32657 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32657)  mt7603/mt7613/mt7615\nmt7622/mt7628/mt7629\nmt7915/mt7916/mt7981\nmt7986  Both  Published  6.7 (Medium)      CVE-2022-32658 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32658)  mt7603/mt7613/mt7615\nmt7622/mt7628/mt7629\nmt7915/mt7916/mt7981\nmt7986  Both  Published  6.7 (Medium)      CVE-2022-32659 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32659)  mt7603/mt7613/mt7615\nmt7622/mt7628/mt7629\nmt7915/mt7916/mt7981\nmt7986/mt8518s/mt8532  Both  Published  6.7 (Medium)      CVE-2022-46740 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46740)  WS7100-20  Both  Published  6.5 (Medium)      We would like also to thank the MediaTek and Huawei security teams, for acknowledging and fixing these security issues, as stated in the following two security advisories: MediaTek (https://corp.mediatek.com/product-security-acknowledgements) and Huawei (https://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-dosvihswr-8f632df1-en).  Moreover, by following the methodology of the work titled \"How is your Wi-Fi connection today? DoS attacks on WPA3-SAE\" (https://www.sciencedirect.com/science/article/pii/S221421262100243X), the fuzzer can identify the same SAE vulnerabilities (https://www.kitploit.com/search/label/vulnerabilities) which are linked to the below CVE IDs:      CVE IDs  Vulnerable Devices/Chipsets  WPA2/WPA3-SAE  Status  Score      CVE-2021-37910 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37910)  All ASUS RX-based models  WPA3-SAE  Published  5.3 (medium)      CVE-2021-40288 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40288)  AX10v1  WPA3-SAE  Published  7.5 (high)      CVE-2021-41753 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41753)  DIR-x1560/DIR-X6060  WPA3-SAE  Published  7.5 (high)      CVE-2021-41788 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41788)  mt7603E/mt7612/mt7613\nmt7615/mt7622/mt7628", "creation_timestamp": "2023-07-10T13:19:09.000000Z"}, {"uuid": "f712ca77-a7c4-49bb-b72a-9aaba142c208", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4178", "type": "seen", "source": "https://t.me/cibsecurity/48665", "content": "\u203c CVE-2021-4178 \u203c\n\nA arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T20:22:59.000000Z"}, {"uuid": "7179b5be-ed5f-4a8f-bd7e-36d0d1d4f968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41789", "type": "seen", "source": "https://t.me/cibsecurity/34928", "content": "\u203c CVE-2021-41789 \u203c\n\nIn wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-04T18:39:23.000000Z"}, {"uuid": "27dbfc29-c4f3-4b1e-a5bc-63d9e04e393e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41788", "type": "seen", "source": "https://t.me/cibsecurity/34626", "content": "\u203c CVE-2021-41788 \u203c\n\nMediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-26T02:22:23.000000Z"}]}