CVE-2024-42483
MEDIUM EPSS 21.7%
Published Sep 12, 20241y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Published Sep 12, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
21.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 2
CWE-345
CWE-349
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| espressif | esp-now | * | <2.5.2 |
References 2
- github.com https://github.com/espressif/esp-now/commit/4e30db50d541b2909d278ef0db05de1a3d7190ef
- github.com https://github.com/espressif/esp-now/security/advisories/GHSA-wf6q-c2xr-77xj
Remediation
- github.com https://github.com/espressif/esp-now/commit/4e30db50d541b2909d278ef0db05de1a3d7190ef