cvelistv5 - cve-2019-6496

CVE-2019-6496 (GCVE-0-2019-6496)

Vulnerability from cvelistv5

Published

2019-01-19 17:00

Modified

2024-08-04 20:23

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://www.securityfocus.com/bid/106865	Third Party Advisory, VDB Entry
cve@mitre.org	https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf	Exploit, Third Party Advisory
cve@mitre.org	https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/	Third Party Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/730261/	Third Party Advisory, US Government Resource
cve@mitre.org	https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement	Third Party Advisory
cve@mitre.org	https://www.synology.com/security/advisory/Synology_SA_19_07	Third Party Advisory
cve@mitre.org	https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/	Exploit, Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106865	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/730261/	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_19_07	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/	Exploit, Press/Media Coverage, Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
          },
          {
            "name": "106865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106865"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
          },
          {
            "name": "VU#730261",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/730261/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-23T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
        },
        {
          "name": "106865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106865"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
        },
        {
          "name": "VU#730261",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/730261/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-6496",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement",
              "refsource": "CONFIRM",
              "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
            },
            {
              "name": "106865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106865"
            },
            {
              "name": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf",
              "refsource": "MISC",
              "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
            },
            {
              "name": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/",
              "refsource": "MISC",
              "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
            },
            {
              "name": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/",
              "refsource": "MISC",
              "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_07",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
            },
            {
              "name": "VU#730261",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/730261/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-6496",
    "datePublished": "2019-01-19T17:00:00",
    "dateReserved": "2019-01-19T00:00:00",
    "dateUpdated": "2024-08-04T20:23:21.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6496\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-01-20T20:29:00.917\",\"lastModified\":\"2024-11-21T04:46:33.307\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.\"},{\"lang\":\"es\",\"value\":\"El firmware basado en ThreadX de los dispositivos wifi de Marvell Avastar, en modelos 88W8787, 88W8797, 88W8801, 88W8897 y 88W8997, permite que los atacantes remotos ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio (desbordamiento del grupo de bloques) mediante paquetes wifi mal formados durante la identificaci\u00f3n de redes wifi disponibles. La explotaci\u00f3n del dispositivo wifi puede conducir a la explotaci\u00f3n del procesador de la aplicaci\u00f3n host en algunos casos, pero esto depende de varios factores, incluyendo el bastionado del sistema operativo del host y la disponibilidad de DMA.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marvell:88w8787_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F39F8E8-71BA-4B65-B9ED-A77C22ACC347\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marvell:88w8787:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A318BA-DA8C-4187-83C1-DF33F22ADAB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marvell:88w8797_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F09820C5-1236-4CF7-82C1-51BEA0CC6F23\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marvell:88w8797:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EDA2773-64A7-4542-AFA5-C50E98B1D777\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marvell:88w8801_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"503E5BD9-C74D-4EE3-8D24-67D775A1F7B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marvell:88w8801:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51299556-10BC-4777-9F87-99F16B73802C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marvell:88w8897_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C579C09-DCDA-4CD7-BCD8-2B0F189956F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marvell:88w8897:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A658EA96-AF63-4525-ADE3-25A4D8D6ED23\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marvell:88w8997_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"529F148A-520B-4191-99D3-9C77074347CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marvell:88w8997:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83D596AB-60EB-4E71-9D17-D01B1DD12DAD\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106865\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/730261/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_07\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/730261/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Press/Media Coverage\",\"Third Party Advisory\"]}]}}"
  }
}

ghsa-vx6q-ffvw-7c86

Vulnerability from github

Published

2022-05-13 01:22

Modified

2022-05-13 01:22

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-20T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.",
  "id": "GHSA-vx6q-ffvw-7c86",
  "modified": "2022-05-13T01:22:43Z",
  "published": "2022-05-13T01:22:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6496"
    },
    {
      "type": "WEB",
      "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
    },
    {
      "type": "WEB",
      "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/730261"
    },
    {
      "type": "WEB",
      "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
    },
    {
      "type": "WEB",
      "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106865"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2019-6496

Vulnerability from fkie_nvd

Published

2019-01-20 20:29

Modified

2024-11-21 04:46

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/106865	Third Party Advisory, VDB Entry
cve@mitre.org	https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf	Exploit, Third Party Advisory
cve@mitre.org	https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/	Third Party Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/730261/	Third Party Advisory, US Government Resource
cve@mitre.org	https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement	Third Party Advisory
cve@mitre.org	https://www.synology.com/security/advisory/Synology_SA_19_07	Third Party Advisory
cve@mitre.org	https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/	Exploit, Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106865	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/730261/	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_19_07	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/	Exploit, Press/Media Coverage, Third Party Advisory

Impacted products

Vendor	Product	Version
marvell	88w8787_firmware	-
marvell	88w8787	-
marvell	88w8797_firmware	-
marvell	88w8797	-
marvell	88w8801_firmware	-
marvell	88w8801	-
marvell	88w8897_firmware	-
marvell	88w8897	-
marvell	88w8997_firmware	-
marvell	88w8997	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:marvell:88w8787_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F39F8E8-71BA-4B65-B9ED-A77C22ACC347",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:marvell:88w8787:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A318BA-DA8C-4187-83C1-DF33F22ADAB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:marvell:88w8797_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F09820C5-1236-4CF7-82C1-51BEA0CC6F23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:marvell:88w8797:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDA2773-64A7-4542-AFA5-C50E98B1D777",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:marvell:88w8801_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "503E5BD9-C74D-4EE3-8D24-67D775A1F7B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:marvell:88w8801:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51299556-10BC-4777-9F87-99F16B73802C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:marvell:88w8897_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C579C09-DCDA-4CD7-BCD8-2B0F189956F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:marvell:88w8897:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A658EA96-AF63-4525-ADE3-25A4D8D6ED23",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:marvell:88w8997_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "529F148A-520B-4191-99D3-9C77074347CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:marvell:88w8997:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D596AB-60EB-4E71-9D17-D01B1DD12DAD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA."
    },
    {
      "lang": "es",
      "value": "El firmware basado en ThreadX de los dispositivos wifi de Marvell Avastar, en modelos 88W8787, 88W8797, 88W8801, 88W8897 y 88W8997, permite que los atacantes remotos ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio (desbordamiento del grupo de bloques) mediante paquetes wifi mal formados durante la identificaci\u00f3n de redes wifi disponibles. La explotaci\u00f3n del dispositivo wifi puede conducir a la explotaci\u00f3n del procesador de la aplicaci\u00f3n host en algunos casos, pero esto depende de varios factores, incluyendo el bastionado del sistema operativo del host y la disponibilidad de DMA."
    }
  ],
  "id": "CVE-2019-6496",
  "lastModified": "2024-11-21T04:46:33.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-20T20:29:00.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/730261/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/730261/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2019-02489

Vulnerability from cnvd

Title

Marvell Avastar Wi-Fi代码执行漏洞

Description

Marvell Avastar Wi-Fi是一款使用在路由器、电脑等设备中的WiFi芯片组。 Marvell Avastar Wi-Fi上的基于ThreadX的固件中存在安全漏洞。在扫描有效网络时，远程攻击者可借助畸形的Wi-Fi数据包利用该漏洞执行任意代码或造成拒绝服务。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.marvell.com/

Reference

https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/

Impacted products

Name
Marvell Avastar Wi-Fi

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6496",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6496"
    }
  },
  "description": "Marvell Avastar Wi-Fi\u662f\u4e00\u6b3e\u4f7f\u7528\u5728\u8def\u7531\u5668\u3001\u7535\u8111\u7b49\u8bbe\u5907\u4e2d\u7684WiFi\u82af\u7247\u7ec4\u3002\n\nMarvell Avastar Wi-Fi\u4e0a\u7684\u57fa\u4e8eThreadX\u7684\u56fa\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u5728\u626b\u63cf\u6709\u6548\u7f51\u7edc\u65f6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7578\u5f62\u7684Wi-Fi\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.marvell.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-02489",
  "openTime": "2019-01-23",
  "products": {
    "product": "Marvell Avastar Wi-Fi"
  },
  "referenceLink": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/",
  "serverity": "\u9ad8",
  "submitTime": "2019-01-22",
  "title": "Marvell Avastar Wi-Fi\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA. plural Marvell Made Avastar wireless SoC The model includes Wi-Fi Multiple vulnerabilities exist including memory block pool overflow during network scans. ZeroNights 2018 Conference In Marvell Avastar SoC Several vulnerabilities were introduced and details about memory block pool overflow were announced. Wi-Fi An overflow condition occurs during a network scan, overwriting data in a specific memory block pool. Many devices automatically perform network scanning in the background, so this vulnerability can be exploited regardless of whether the target device is connected to a wireless network and without user intervention. There is a possibility.Wi-Fi Specially crafted by unauthenticated attackers within reach of Wi-Fi Using frames Marvell SoC Arbitrary code may be executed on systems with. Depending on the implementation method, it was attacked SoC Can be used to intercept network traffic and execute code on the host system. MarvellAvastar Wi-Fi is a WiFi chipset used in routers, computers and other devices. A security hole exists in the ThreadX-based firmware on MarvellAvastar Wi-Fi. Multiple Marvell SOCs are prone to arbitrary code-execution vulnerabilities. An attacker can leverage these issues to execute arbitrary code in the context of the affected system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0078",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "88w8787",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "88w8801",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "88w8897",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "88w8797",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "88w8997",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "marvell semiconductor",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "valve",
        "version": null
      },
      {
        "model": "avastar 88w8787",
        "scope": null,
        "trust": 0.8,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "avastar 88w8797",
        "scope": null,
        "trust": 0.8,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "avastar 88w8801",
        "scope": null,
        "trust": 0.8,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "avastar 88w8897",
        "scope": null,
        "trust": 0.8,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "avastar 88w8997",
        "scope": null,
        "trust": 0.8,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "avastar wi-fi",
        "scope": null,
        "trust": 0.6,
        "vendor": "marvell",
        "version": null
      },
      {
        "model": "surface pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "30"
      },
      {
        "model": "88w8897",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "marvell",
        "version": "0"
      },
      {
        "model": "88w8801",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "marvell",
        "version": "0"
      },
      {
        "model": "88w8797",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "marvell",
        "version": "0"
      },
      {
        "model": "88w8787",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "marvell",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "db": "BID",
        "id": "106865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:marvell:avastar_88w8787",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:marvell:avastar_88w8797",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:marvell:avastar_88w8801",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:marvell:avastar_88w8897",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:marvell:avastar_88w8997",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denis Selianin",
    "sources": [
      {
        "db": "BID",
        "id": "106865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-6496",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2019-6496",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 8.3,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 4.6,
            "exploitability": "UNPROVEN",
            "exploitabilityScore": 6.5,
            "id": "CVE-2019-6496",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "MEDIUM",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "JPCERT/CC",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-001212",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-02489",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "VHN-157931",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6496",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "JPCERT/CC",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-001212",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6496",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6496",
            "trust": 0.8,
            "value": "HIGH"
          },
          {
            "author": "JPCERT/CC",
            "id": "JVNDB-2019-001212",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-02489",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-765",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157931",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157931"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA. plural Marvell Made Avastar wireless SoC The model includes Wi-Fi Multiple vulnerabilities exist including memory block pool overflow during network scans. ZeroNights 2018 Conference In Marvell Avastar SoC Several vulnerabilities were introduced and details about memory block pool overflow were announced. Wi-Fi An overflow condition occurs during a network scan, overwriting data in a specific memory block pool. Many devices automatically perform network scanning in the background, so this vulnerability can be exploited regardless of whether the target device is connected to a wireless network and without user intervention. There is a possibility.Wi-Fi Specially crafted by unauthenticated attackers within reach of Wi-Fi Using frames Marvell SoC Arbitrary code may be executed on systems with. Depending on the implementation method, it was attacked SoC Can be used to intercept network traffic and execute code on the host system. MarvellAvastar Wi-Fi is a WiFi chipset used in routers, computers and other devices. A security hole exists in the ThreadX-based firmware on MarvellAvastar Wi-Fi. Multiple Marvell SOCs are prone to arbitrary code-execution vulnerabilities. \nAn attacker can leverage these issues to execute arbitrary code in the context of the affected system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6496"
      },
      {
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "db": "BID",
        "id": "106865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157931"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6496",
        "trust": 4.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#730261",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "106865",
        "trust": 2.0
      },
      {
        "db": "JVN",
        "id": "JVNVU92674930",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-157931",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157931"
      },
      {
        "db": "BID",
        "id": "106865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "id": "VAR-201901-0078",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157931"
      }
    ],
    "trust": 1.5
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:48:30.999000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WiFi CVE-2019-6496 Marvell\u0027s Statement",
        "trust": 0.8,
        "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
      },
      {
        "title": "Surface Pro (5th Gen) update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4037238/surface-surface-pro-update-history"
      },
      {
        "title": "Surface Pro 4 update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4023489/surface-surface-pro-4-update-history"
      },
      {
        "title": "Surface Studio (1st Gen) update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4023490/surface-surface-studio-update-history"
      },
      {
        "title": "Surface Pro 3 update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4023484/surface-surface-pro-3-update-history"
      },
      {
        "title": "Surface 3 update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4023487/surface-surface-3-update-history"
      },
      {
        "title": "Surface Book 2 update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4055398/surface-book-2-update-history"
      },
      {
        "title": "Surface Book update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4023488/surface-surface-book-update-history"
      },
      {
        "title": "Surface Laptop (1st Gen) update history",
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4037237/surface-surface-laptop-update-history"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157931"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.9,
        "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
      },
      {
        "trust": 3.3,
        "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-researching-marvell-avastar-wi-fi.pdf"
      },
      {
        "trust": 2.9,
        "url": "http://www.securityfocus.com/bid/106865"
      },
      {
        "trust": 2.8,
        "url": "https://www.scribd.com/document/398350818/wifi-cve-2019-6496-marvell-s-statement"
      },
      {
        "trust": 2.0,
        "url": "https://www.kb.cert.org/vuls/id/730261/"
      },
      {
        "trust": 1.7,
        "url": "https://www.synology.com/security/advisory/synology_sa_19_07"
      },
      {
        "trust": 1.7,
        "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
      },
      {
        "trust": 1.6,
        "url": "https://www.marvell.com/documents/pub6kqag6uk6ubau75ep/"
      },
      {
        "trust": 0.8,
        "url": "https://youtu.be/him_lf5zj38"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/kaloz/mwlwifi/issues/344"
      },
      {
        "trust": 0.8,
        "url": "https://twitter.com/wdormann/status/1093941091043291136"
      },
      {
        "trust": 0.8,
        "url": "https://support.microsoft.com/en-us/help/4023489/surface-surface-pro-4-update-history"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6496"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92674930/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6496"
      },
      {
        "trust": 0.8,
        "url": "https://kb.cert.org/vuls/id/730261/"
      },
      {
        "trust": 0.8,
        "url": "https://www.youtube.com/watch?v=him_lf5zj38\u0026feature=youtu.be"
      },
      {
        "trust": 0.3,
        "url": "http://www.marvell.com/"
      },
      {
        "trust": 0.3,
        "url": "https://support.microsoft.com/en-us/help/4023484/surface-surface-pro-3-update-history"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157931"
      },
      {
        "db": "BID",
        "id": "106865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157931"
      },
      {
        "db": "BID",
        "id": "106865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "date": "2019-01-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "date": "2019-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157931"
      },
      {
        "date": "2019-02-05T00:00:00",
        "db": "BID",
        "id": "106865"
      },
      {
        "date": "2019-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "date": "2019-01-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      },
      {
        "date": "2019-01-20T20:29:00.917000",
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#730261"
      },
      {
        "date": "2019-01-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-02489"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157931"
      },
      {
        "date": "2019-02-05T00:00:00",
        "db": "BID",
        "id": "106865"
      },
      {
        "date": "2019-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001212"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      },
      {
        "date": "2024-11-21T04:46:33.307000",
        "db": "NVD",
        "id": "CVE-2019-6496"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marvell Avastar wireless SoCs have multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#730261"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-765"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-6496

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6496

Aliases

CVE-2019-6496

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6496",
    "description": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.",
    "id": "GSD-2019-6496"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6496"
      ],
      "details": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.",
      "id": "GSD-2019-6496",
      "modified": "2023-12-13T01:23:49.797021Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-6496",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement",
            "refsource": "CONFIRM",
            "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
          },
          {
            "name": "106865",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106865"
          },
          {
            "name": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf",
            "refsource": "MISC",
            "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
          },
          {
            "name": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/",
            "refsource": "MISC",
            "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
          },
          {
            "name": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/",
            "refsource": "MISC",
            "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_19_07",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
          },
          {
            "name": "VU#730261",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/730261/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:marvell:88w8787_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:marvell:88w8787:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:marvell:88w8797_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:marvell:88w8797:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:marvell:88w8801_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:marvell:88w8801:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:marvell:88w8897_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:marvell:88w8897:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:marvell:88w8997_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:marvell:88w8997:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-6496"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Press/Media Coverage",
                "Third Party Advisory"
              ],
              "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/"
            },
            {
              "name": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/"
            },
            {
              "name": "106865",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106865"
            },
            {
              "name": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement"
            },
            {
              "name": "VU#730261",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/730261/"
            },
            {
              "name": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_07",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_07"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-01-20T20:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6496 (GCVE-0-2019-6496)

Vulnerability from cvelistv5

ghsa-vx6q-ffvw-7c86

Vulnerability from github

fkie_cve-2019-6496

Vulnerability from fkie_nvd

cnvd-2019-02489

Vulnerability from cnvd

var-201901-0078

Vulnerability from variot

gsd-2019-6496

Vulnerability from gsd

Tags

Sightings

Nomenclature