Hacker News
by eknoes 1344 days ago
I found the vulnerabilities, but I am no expert on the Wifi stack.

DoSing is now "easy", as you say: just send those frames, and a Linux computer that is currently listening on the network (e.g. scanning for networks), and thus processes the Beacon frames, will at least crash. It might be the case that some Wifi chips will filter those invalid frames or crash themselves; that depends on the actual hardware/firmware.

The victim does not have to be connected to a malicious AP or similar, so there is no requirement to trick a user into anything.

RCE is not trivial at all, but due to the nature of the different faults, it might be possible. On that, see e.g. Mathy Vanhoef, who discovered several impressive Wifi vulnerabilities in the past:

https://twitter.com/vanhoefm/status/1580675615992451072
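As an added illustration of the class of bug the comment above describes (a receiver parsing Beacon frames from any sender in range, without the victim having to associate), here is a bounds-checked walker for the information-element (IE) list that follows the fixed fields of an 802.11 Beacon frame body. This is example code written for this page; it is neither the commenter's code nor the Linux mac80211/cfg80211 implementation, and the two sample frame bodies are constructed by hand for the example rather than being the malformed frames from the reported vulnerabilities. The IE layout used (1-byte Element ID, 1-byte Length, payload) and the 12-byte fixed header are the standard beacon body format; the `struct ie_stats` fields and the `check_*` helpers are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed fields at the start of an 802.11 Beacon frame body:
 * 8-byte timestamp, 2-byte beacon interval, 2-byte capability info. */
#define BEACON_FIXED_LEN 12

/* A few standard Element IDs (assumed subset for this example). */
#define IE_SSID            0
#define IE_SUPPORTED_RATES 1
#define IE_DS_PARAM        3

struct ie_stats {
    int count;     /* number of well-formed IEs seen */
    int ssid_len;  /* -1 if no SSID IE was present */
    int channel;   /* -1 if no DS Parameter Set IE was present */
};

/* Walk the IE list of a beacon body of `len` bytes.
 * Returns 0 on success, -1 if the body is truncated or an IE's declared
 * length overruns the buffer. Every read is checked against `len` before
 * the element is touched, so a hostile length byte cannot drive reads
 * past the end of the frame. */
int parse_beacon_ies(const uint8_t *body, size_t len, struct ie_stats *st)
{
    st->count = 0;
    st->ssid_len = -1;
    st->channel = -1;

    if (len < BEACON_FIXED_LEN)
        return -1;

    size_t pos = BEACON_FIXED_LEN;
    while (pos < len) {
        if (len - pos < 2)          /* need the 2-byte (ID, Length) header */
            return -1;
        uint8_t id = body[pos];
        uint8_t ie_len = body[pos + 1];
        const uint8_t *data = body + pos + 2;

        /* The core check: the declared length must fit in what is left. */
        if (ie_len > len - pos - 2)
            return -1;

        switch (id) {
        case IE_SSID:
            if (ie_len > 32)        /* SSID is at most 32 octets */
                return -1;
            st->ssid_len = ie_len;
            break;
        case IE_DS_PARAM:
            if (ie_len != 1)        /* DS Parameter Set carries exactly one octet */
                return -1;
            st->channel = data[0];
            break;
        default:
            break;                  /* unknown or unhandled IEs are skipped */
        }
        st->count++;
        pos += 2 + ie_len;
    }
    return 0;
}

/* Constructed sample: a minimal well-formed beacon body (not a real capture). */
static const uint8_t good_beacon[] = {
    0, 0, 0, 0, 0, 0, 0, 0,            /* timestamp */
    0x64, 0x00,                        /* beacon interval: 100 TU */
    0x01, 0x04,                        /* capability info */
    IE_SSID, 4, 't', 'e', 's', 't',
    IE_SUPPORTED_RATES, 3, 0x82, 0x84, 0x8b,
    IE_DS_PARAM, 1, 6,
};

/* Constructed sample: the SSID IE claims 40 bytes but only 4 follow.
 * An unchecked parser would read 36 bytes past the end of the frame. */
static const uint8_t overrun_beacon[] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0x64, 0x00, 0x01, 0x04,
    IE_SSID, 40, 't', 'e', 's', 't',
};

/* Constructed sample: a dangling Element ID with no Length byte. */
static const uint8_t truncated_beacon[] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0x64, 0x00, 0x01, 0x04,
    IE_DS_PARAM, 1, 6,
    IE_SSID,
};

int check_good(void)
{
    struct ie_stats s;
    return parse_beacon_ies(good_beacon, sizeof good_beacon, &s) == 0 &&
           s.count == 3 && s.ssid_len == 4 && s.channel == 6;
}

int check_overrun(void)
{
    struct ie_stats s;
    return parse_beacon_ies(overrun_beacon, sizeof overrun_beacon, &s) == -1;
}

int check_truncated(void)
{
    struct ie_stats s;
    return parse_beacon_ies(truncated_beacon, sizeof truncated_beacon, &s) == -1;
}

int main(void)
{
    printf("good: %d  overrun rejected: %d  truncated rejected: %d\n",
           check_good(), check_overrun(), check_truncated());
    return 0;
}
```

The point of the example is the ordering of the checks: the length byte is compared against the remaining buffer before any payload byte is dereferenced, and per-element size limits are enforced before the payload is interpreted. A scanning client receives beacons from every sender in range, so this path runs on unauthenticated input and a single missing comparison is enough for an attacker to crash the receiver with one frame.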