Vulnerability Description
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marvell | 88W8787 Firmware | - |
| Marvell | 88W8787 | - |
| Marvell | 88W8797 Firmware | - |
| Marvell | 88W8797 | - |
| Marvell | 88W8801 Firmware | - |
| Marvell | 88W8801 | - |
| Marvell | 88W8897 Firmware | - |
| Marvell | 88W8897 | - |
| Marvell | 88W8997 Firmware | - |
| Marvell | 88W8997 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106865 (Third Party Advisory, VDB Entry)
- https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-A (Exploit, Third Party Advisory)
- https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-ava (Third Party Advisory)
- https://www.kb.cert.org/vuls/id/730261/ (Third Party Advisory, US Government Resource)
- https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement (Third Party Advisory)
- https://www.synology.com/security/advisory/Synology_SA_19_07 (Third Party Advisory)
- https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-rout (Exploit, Press/Media Coverage, Third Party Advisory)
FAQ
What is CVE-2019-6496?
CVE-2019-6496 is a vulnerability with a CVSS score of 8.8 (HIGH). The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (blo...
How severe is CVE-2019-6496?
CVE-2019-6496 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-6496?
Check the references section above for vendor advisories and patch information. Affected products include: Marvell 88W8787 Firmware, Marvell 88W8787, Marvell 88W8797 Firmware, Marvell 88W8797, Marvell 88W8801 Firmware.