The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| ieee | ieee_802.11 | - | - |
| sonicwall | tz670_firmware | - | - |
| sonicwall | tz570_firmware | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
30
Affected Products
8
References
ieee / ieee_802.11
| - |
| sonicwall | tz570p_firmware | - | - |
| sonicwall | tz570w_firmware | - | - |
| sonicwall | tz470_firmware | - | - |
| sonicwall | tz470w_firmware | - | - |
| sonicwall | tz370_firmware | - | - |
| sonicwall | tz370w_firmware | - | - |
| sonicwall | tz270_firmware | - | - |
| sonicwall | tz270w_firmware | - | - |
| sonicwall | tz600_firmware | - | - |
| sonicwall | tz600p_firmware | - | - |
| sonicwall | tz500_firmware | - | - |
| sonicwall | tz500w_firmware | - | - |
| sonicwall | tz400_firmware | - | - |
| sonicwall | tz400w_firmware | - | - |
| sonicwall | tz350_firmware | - | - |
| sonicwall | tz350w_firmware | - | - |
| sonicwall | tz300_firmware | - | - |
| sonicwall | tz300p_firmware | - | - |
| sonicwall | tz300w_firmware | - | - |
| sonicwall | soho_250_firmware | - | - |
| sonicwall | soho_250w_firmware | - | - |
| sonicwall | sonicwave_231c_firmware | - | - |
| sonicwall | sonicwave_224w_firmware | - | - |
| sonicwall | sonicwave_432o_firmware | - | - |
| sonicwall | sonicwave_621_firmware | - | - |
| sonicwall | sonicwave_641_firmware | - | - |
| sonicwall | sonicwave_681_firmware | - | - |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact