Vulnerability Description
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Arubaos | >= 6.5.4.0, <= 8.10.0.21 |
| Arubanetworks | 7010 | - |
| Arubanetworks | 7030 | - |
| Arubanetworks | 7205 | - |
| Arubanetworks | 7210 | - |
| Arubanetworks | 7220 | - |
| Arubanetworks | 7240Xm | - |
| Arubanetworks | 7280 | - |
| Arubanetworks | 9004 | - |
| Arubanetworks | 9004-Lte | - |
| Arubanetworks | 9012 | - |
| Arubanetworks | 9106 | - |
| Arubanetworks | 9114 | - |
| Arubanetworks | 9240 | - |
| Arubanetworks | Ap-634 | - |
| Arubanetworks | Ap-635 | - |
| Arubanetworks | Ap-654 | - |
| Arubanetworks | Ap-655 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-23809?
CVE-2026-23809 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual port...
How severe is CVE-2026-23809?
CVE-2026-23809 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23809?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Arubaos, Arubanetworks 7010, Arubanetworks 7030, Arubanetworks 7205, Arubanetworks 7210.