// For flags

CVE-2019-6496

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

El firmware basado en ThreadX de los dispositivos wifi de Marvell Avastar, en modelos 88W8787, 88W8797, 88W8801, 88W8897 y 88W8997, permite que los atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (desbordamiento del grupo de bloques) mediante paquetes wifi mal formados durante la identificación de redes wifi disponibles. La explotación del dispositivo wifi puede conducir a la explotación del procesador de la aplicación host en algunos casos, pero esto depende de varios factores, incluyendo el bastionado del sistema operativo del host y la disponibilidad de DMA.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-19 CVE Reserved
  • 2019-01-19 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-11-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Marvell
Search vendor "Marvell"
88w8787 Firmware
Search vendor "Marvell" for product "88w8787 Firmware"
--
Affected
in Marvell
Search vendor "Marvell"
88w8787
Search vendor "Marvell" for product "88w8787"
--
Safe
Marvell
Search vendor "Marvell"
88w8797 Firmware
Search vendor "Marvell" for product "88w8797 Firmware"
--
Affected
in Marvell
Search vendor "Marvell"
88w8797
Search vendor "Marvell" for product "88w8797"
--
Safe
Marvell
Search vendor "Marvell"
88w8801 Firmware
Search vendor "Marvell" for product "88w8801 Firmware"
--
Affected
in Marvell
Search vendor "Marvell"
88w8801
Search vendor "Marvell" for product "88w8801"
--
Safe
Marvell
Search vendor "Marvell"
88w8897 Firmware
Search vendor "Marvell" for product "88w8897 Firmware"
--
Affected
in Marvell
Search vendor "Marvell"
88w8897
Search vendor "Marvell" for product "88w8897"
--
Safe
Marvell
Search vendor "Marvell"
88w8997 Firmware
Search vendor "Marvell" for product "88w8997 Firmware"
--
Affected
in Marvell
Search vendor "Marvell"
88w8997
Search vendor "Marvell" for product "88w8997"
--
Safe