CVE-2022-37660
MEDIUM EPSS 25.7%
Published Feb 11, 20251y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Published Feb 11, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
25.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-323
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| w1.fi | hostapd | * | ≤2.10 |
References 3
- link.springer.com https://link.springer.com/article/10.1007/s10207-025-00988-3
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html
- w1.fi https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4
Remediation
- w1.fi https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4