W1fi
Products by W1fi Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in W1fi. Last year, in 2024, W1fi had 1 security vulnerability published. Right now, W1fi is on track to have fewer security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 9.80 |
| 2021 | 2 | 6.40 |
| 2020 | 2 | 7.50 |
| 2019 | 11 | 6.61 |
| 2018 | 1 | 6.50 |
It may take a day or so for new W1fi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent W1fi Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2024-5290 | Aug 07, 2024 | Ubuntu wpa_supplicant Unprivileged Module Load Escalates to Root: An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. | |
| CVE-2022-23303 | Jan 17, 2022 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | |
| CVE-2022-23304 | Jan 17, 2022 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | |
| CVE-2021-30004 | Apr 02, 2021 | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | |
| CVE-2021-27803 | Feb 26, 2021 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | |
| CVE-2020-12695 | Jun 08, 2020 | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |
| CVE-2019-10064 | Feb 28, 2020 | hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743. | |
| CVE-2019-5061 | Dec 12, 2019 | An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | |
| CVE-2019-5062 | Dec 12, 2019 | An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. | |
| CVE-2019-16275 | Sep 12, 2019 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | |