Description

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2.

INFO

Published Date :

2024-09-12T14:12:18.128Z

Last Modified :

2024-09-12T16:46:16.388Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42483 vulnerability.

Vendors Products
Espressif
  • Esp-now
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42483.

URL Resource
https://github.com/espressif/esp-now/commit/4e30db50d541b2909d278ef0db05de1a3d7190ef cve-icon cve-icon
https://github.com/espressif/esp-now/security/advisories/GHSA-wf6q-c2xr-77xj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact