CVE-2019-6496

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

El firmware basado en ThreadX de los dispositivos wifi de Marvell Avastar, en modelos 88W8787, 88W8797, 88W8801, 88W8897 y 88W8997, permite que los atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (desbordamiento del grupo de bloques) mediante paquetes wifi mal formados durante la identificación de redes wifi disponibles. La explotación del dispositivo wifi puede conducir a la explotación del procesador de la aplicación host en algunos casos, pero esto depende de varios factores, incluyendo el bastionado del sistema operativo del host y la disponibilidad de DMA.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-19 CVE Reserved
2019-01-19 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2024-11-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (7)

URL	Tag	Source
http://www.securityfocus.com/bid/106865	Third Party Advisory
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce	Third Party Advisory
https://www.kb.cert.org/vuls/id/730261	Third Party Advisory
https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement	Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_07	Third Party Advisory

URL	Date	SRC
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf	2024-08-04
https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices	2024-08-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Marvell Search vendor "Marvell"	88w8787 Firmware Search vendor "Marvell" for product "88w8787 Firmware"	-	-	Affected	in	Marvell Search vendor "Marvell"	88w8787 Search vendor "Marvell" for product "88w8787"	-	-	Safe
Marvell Search vendor "Marvell"	88w8797 Firmware Search vendor "Marvell" for product "88w8797 Firmware"	-	-	Affected	in	Marvell Search vendor "Marvell"	88w8797 Search vendor "Marvell" for product "88w8797"	-	-	Safe
Marvell Search vendor "Marvell"	88w8801 Firmware Search vendor "Marvell" for product "88w8801 Firmware"	-	-	Affected	in	Marvell Search vendor "Marvell"	88w8801 Search vendor "Marvell" for product "88w8801"	-	-	Safe
Marvell Search vendor "Marvell"	88w8897 Firmware Search vendor "Marvell" for product "88w8897 Firmware"	-	-	Affected	in	Marvell Search vendor "Marvell"	88w8897 Search vendor "Marvell" for product "88w8897"	-	-	Safe
Marvell Search vendor "Marvell"	88w8997 Firmware Search vendor "Marvell" for product "88w8997 Firmware"	-	-	Affected	in	Marvell Search vendor "Marvell"	88w8997 Search vendor "Marvell" for product "88w8997"	-	-	Safe