Overview
Some Marvell Avastar wireless system on chip (SoC) models have multiple vulnerabilities, including a block pool overflow during Wi-Fi network scan.
Description
A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures. Because many devices conduct automatic background network scans, this vulnerability could be exploited regardless of whether the target is connected to a Wi-Fi network and without user interaction. |
Impact
An unauthenticated attacker within Wi-Fi radio range may be able to use a specially-crafted series of Wi-Fi frames execute arbitrary code on a system with a vulnerable Marvell SoC. Depending on implementation, the compromised SoC may then be used to intercept network traffic or achieve code execution on the host system. |
Solution
Marvell issued a statement and encourages customers to contact their Marvell representative for additional support. Microsoft issued an update to multiple Surface devices. See also the Vendor Information section below. |
Restrict physical access |
Vendor Information
Marvell Semiconductor Affected
Notified: January 04, 2019 Updated: March 18, 2019
Status
Affected
Vendor Statement
Marvell was made aware of a potential vulnerability (CVE-2019-6496), which was presented at the ZeroNights conference on November 21-22, 2018, with regard to our 88W8897 device. As Marvell places the highest priority on addressing security concerns, we immediately acted to understand the issue and implemented a fix.
In the presentation, detail was provided to manipulate the open-source Valve Steamlink platform to exploit a memory buffer overflow issue in the device firmware. Unlike this nonsecure
Valve Steamlink platform, the other systems mentioned in the presentation are all closed systems with high-level security protections in place such as DRM. As noted in the presenter’s blog, this would eliminate the ability for an individual to compromise the system
security:
“You may notice, that the majority of devices which use Marvell Wi-Fi are gaming devices, like PS 4 (maybe because of high-performance 802.11ac and Bluetooth COMBO). It’s difficult to research them because of the DRM protection.”
Marvell is not aware of any real world exploitation of this vulnerability outside of a controlled environment. Marvell deployed a fix to address this issue which we have made available in our standard driver and firmware. We have communicated to our direct customers to update to Marvell’s latest firmware and driver to get the most recent security enhancements, including support for WPA3.
Marvell encourages customers to contact their Marvell representative for additional support.
Vendor Information
Marvell issued a statement and encourages customers to contact their Marvell representative for additional support.
Vendor References
Microsoft Affected
Notified: January 04, 2019 Updated: March 11, 2019
Statement Date: January 08, 2019
Status
Affected
Vendor Statement
Please find below information related to Surface devices that includes Marvell AVASTAR firmware 15.68.9125.57.
Devices with this information:
[1] Surface 3 (Windows 10, version 1703 or greater)
[2] Surface Book (Windows 10 Fall Creators Update, version 1709 or greater)
[3] Surface Book 2 (Windows 10 Fall Creators Update, version 1709 or greater)
[4] Surface Laptop (1st Gen) (Windows 10 April 2018 Update, version 1803 or greater)
[5] Surface Studio (1st Gen) (Windows 10 Fall Creators Update (version 1709) or greater)
[6] Surface Pro (5th Gen) ((Model 1796 & Model 1807) devices running Windows 10 Fall Creators Update, build 1709 or greater:)
[7] Surface Pro 3 (Windows 10 Creators Update, version 1703 or greater)
[8] Surface Pro 4 (Windows 10 Fall Creators Update, version 1709 or greater)
Devices with no information about Marvell fixes (unfixed or unaffected):
* Surface Go
* Surface Go LTE
* Surface Studio 2
* Surface Pro
* Surface Pro 2
* Surface Pro 6
* Surface Laptop 2
* Surface 2
* Surface RT
Vendor Information
Microsoft issued multiple updates.
Vendor References
- https://support.microsoft.com/en-us/help/4036283/surface-surface-update-history
- https://support.microsoft.com/en-us/help/4023487/surface-surface-3-update-history
- https://support.microsoft.com/en-us/help/4023488/surface-surface-book-update-history
- https://support.microsoft.com/en-us/help/4055398/surface-book-2-update-history
- https://support.microsoft.com/en-us/help/4037237/surface-surface-laptop-update-history
- https://support.microsoft.com/en-us/help/4023490/surface-surface-studio-update-history
- https://support.microsoft.com/en-us/help/4037238/surface-surface-pro-update-history
- https://support.microsoft.com/en-us/help/4023484/surface-surface-pro-3-update-history
- https://support.microsoft.com/en-us/help/4023489/surface-surface-pro-4-update-history
Valve Affected
Notified: January 04, 2019 Updated: February 11, 2019
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AVM GmbH Not Affected
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 14, 2019
Status
Not Affected
Vendor Statement
AVM products are not affected. We do not use any Marvell component in any of our products.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Apple Not Affected
Notified: February 12, 2019 Updated: February 25, 2019
Statement Date: February 22, 2019
Status
Not Affected
Vendor Statement
We have reviewed this report and determined that we are not affected by this issue.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Aruba Networks Not Affected
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Status
Not Affected
Vendor Statement
I can confirm that Aruba is NOT affected by this.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Brocade Communication Systems Not Affected
Notified: February 12, 2019 Updated: April 19, 2019
Statement Date: March 19, 2019
Status
Not Affected
Vendor Statement
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these Marvell Avastar wireless system on chip models vulnerabilities.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Check Point Software Technologies Not Affected
Notified: February 12, 2019 Updated: February 13, 2019
Statement Date: February 13, 2019
Status
Not Affected
Vendor Statement
Check Point Software Technologies is not vulnerable.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cisco Not Affected
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Status
Not Affected
Vendor Statement
Cisco has evaluated this vulnerability against its wireless portfolio and determined no Cisco product is affected by it. This assessment is valid for all Cisco enterprise products, Cisco SMB products and Cisco Meraki products.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Devicescape Not Affected
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Status
Not Affected
Vendor Statement
We do not have any driver level software, so this should have no impact on anything we do. Some of our customers may well be using affected Marvell chipsets, but they manage the OS and driver software themselves (we supply just the supplicant, usually in source code, for customers using our wireless supplicant solution).
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Extreme Networks Not Affected
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Status
Not Affected
Vendor Statement
I have confirmed that EXTR products are not vulnerable to this since we do not use the Marvell Avastar WiFi chips.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fortinet, Inc. Not Affected
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 14, 2019
Status
Not Affected
Vendor Statement
Fortinet has determined that no Fortinet products are affected by this. The assessment including all FortiAP (including U, C, S and W2 series) and Meru AP products.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Juniper Networks Not Affected
Notified: February 12, 2019 Updated: February 18, 2019
Statement Date: February 14, 2019
Status
Not Affected
Vendor Statement
We've evaluated our wireless products and we are not affected by this report.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Muonics, Inc. Not Affected
Notified: February 12, 2019 Updated: March 18, 2019
Status
Not Affected
Vendor Statement
Not vulnerable. Muonics, Inc. does not have any products using Marvell Avastar SoC.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Palo Alto Networks Not Affected
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 13, 2019
Status
Not Affected
Vendor Statement
Palo Alto Networks is not affected.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sierra Wireless Not Affected
Notified: February 12, 2019 Updated: February 12, 2019
Statement Date: February 12, 2019
Status
Not Affected
Vendor Statement
We do not use the Avastar chipset so according to Marvell's disclosure we are not affected by this issue.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Synology Not Affected
Notified: February 12, 2019 Updated: February 14, 2019
Statement Date: February 14, 2019
Status
Not Affected
Vendor Statement
We do not employ Marvell Avastar SoCs for our products. By convention, we will publish a security advisory after public disclosure.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ubiquiti Networks Not Affected
Notified: February 12, 2019 Updated: February 13, 2019
Statement Date: February 13, 2019
Status
Not Affected
Vendor Statement
Ubiquiti Networks products don't use Marvell Avast WiFi chips, consequently we were not affected by this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zyxel Not Affected
Notified: February 12, 2019 Updated: February 13, 2019
Statement Date: February 13, 2019
Status
Not Affected
Vendor Statement
Zyxel is not affected since we do not use the Marvell Avastar WiFi chips.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
A10 Networks Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ACCESS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ADTRAN Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ANTlabs Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ARRIS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AT&T Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Actelis Networks Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Actiontec Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Aerohive Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AhnLab Inc Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AirWatch Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Akamai Technologies, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alcatel-Lucent Enterprise Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alpine Linux Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Amazon Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Android Open Source Project Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Appgate Network Security Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Arch Linux Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Arista Networks, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Aspera Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AsusTek Computer Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Atheros Communications Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Barracuda Networks Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Belden Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Belkin, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Bell Canada Enterprises Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
BlackBerry Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Blue Coat Systems Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
BlueCat Networks, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Blunk Microsystems Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Broadcom Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CA Technologies Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CMX Systems Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CZ.NIC Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cambium Networks Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ceragon Networks Inc Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cirpack Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Comcast Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Command Software Systems Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Contiki OS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CoreOS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cradlepoint Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cricket Wireless Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Debian GNU/Linux Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell EMC Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell SecureWorks Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DesktopBSD Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Deutsche Telekom Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Digi International Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DragonFly BSD Project Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ENEA Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
EfficientIP SAS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ericsson Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Espressif Systems Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
European Registry for Internet Domains Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Express Logic Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F-Secure Corporation Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fastly Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fedora Project Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Force10 Networks Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Foundry Brocade Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
FreeBSD Project Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
GFI Software, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
GNU adns Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
GNU glibc Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Geexbox Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Gentoo Linux Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Google Unknown
Notified: January 04, 2019 Updated: January 04, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Grandstream Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HP Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HTC Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HardenedBSD Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hewlett Packard Enterprise Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hitachi Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Honeywell Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Huawei Technologies Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM, INC. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
INTEROP Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Illumos Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
InfoExpress, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Infoblox Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Inmarsat Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium - DHCP Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Interniche Technologies, inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
JH Software Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Joyent Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
LANCOM Systems GmbH Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
LG Electronics Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lancope Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lantronix Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lenovo Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Linksys Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lynx Software Technologies Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
McAfee Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MediaTek Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Medtronic Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Men & Mice Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MetaSwitch Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Micro Focus Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Microchip Technology Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Microsoft Vulnerability Research Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MikroTik Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Miredo Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Mitel Networks, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Motorola, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NAS4Free Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NEC Corporation Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NETSCOUT Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NIKSUN Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NLnet Labs Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetBSD Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetBurner Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Netgear, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nexenta Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nixu Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nokia Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nominum Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OleumTech Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OmniTI Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenBSD Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenConnect Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenDNS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenIndiana Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Oracle Corporation Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Oryx Embedded Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
PHPIDS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Paessler Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Peplink Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Philips Electronics Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
PowerDNS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Proxim, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Pulse Secure Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QLogic Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QNX Software Systems Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QUALCOMM Incorporated Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quadros Systems Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quagga Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quantenna Communications Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Red Hat, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Riverbed Technologies Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Rocket RTOS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Roku Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ruckus Wireless Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SMC Networks, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SUSE Linux Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SafeNet Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Samsung Memory Unknown
Notified: January 04, 2019 Updated: January 04, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Samsung Mobile Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Samsung Semiconductor Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Secure64 Software Corporation Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SmoothWall Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Snort Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SonicWall Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sonos Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sony Corporation Unknown
Notified: January 04, 2019 Updated: January 04, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sophos, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sourcefire Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Symantec Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TCPWave Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TP-LINK Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Technicolor Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TippingPoint Technologies Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Tizen Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Toshiba Commerce Solutions Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TrueOS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Turbolinux Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ubuntu Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Unisys Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
VMware Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vertical Networks, Inc. Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Wind River Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
WizNET Technology Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Xiaomi Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Xilinx Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zebra Technologies Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zephyr Project Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
aep NETWORKS Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
dnsmasq Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
eCosCentric Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
eero Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
m0n0wall Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
netsnmp Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
netsnmpj Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
pfSense Unknown
Notified: February 12, 2019 Updated: February 12, 2019
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 8.3 | AV:A/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 6.1 | E:U/RL:OF/RC:C |
| Environmental | 4.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
- https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
- https://youtu.be/Him_Lf5ZJ38
- https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement
- https://www.marvell.com/documents/pub6kqag6uk6ubau75ep/
- https://github.com/kaloz/mwlwifi/issues/344
- https://twitter.com/wdormann/status/1093941091043291136
Acknowledgements
This vulnerability was presented by Denis Selianin at the ZeroNights 2018 conference.
This document was written by Will Dormann and David Warren.
Other Information
| CVE IDs: | CVE-2019-6496 |
| Date Public: | 2018-11-21 |
| Date First Published: | 2019-02-05 |
| Date Last Updated: | 2019-04-19 17:53 UTC |
| Document Revision: | 104 |