Vulnerability Description
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif ESP32 via a malformed beacon CSA (Channel Switch Announcement) frame. The device requires a reboot to recover.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Espressif | Esp32 Firmware | <= 4.2 |
| Espressif | Esp32 | - |
References
- https://github.com/E7mer (Third Party Advisory)
- https://github.com/E7mer/OWFuzz (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-34173?
CVE-2021-34173 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif ESP32 via a malformed beacon CSA (Channel Switch Announcement) frame. The device requires a reboot to recover.
How severe is CVE-2021-34173?
CVE-2021-34173 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34173?
Check the references section above for vendor advisories and patch information. Affected products include: Espressif Esp32 Firmware, Espressif Esp32.