CVE-2017-11120

CRITICAL

Broadcom BCM4355C0 Wi-Fi Firmware 9.44.78.27.0.1.56 - Buffer Overflow via Malformed RRM Neighbor Report Frame

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11120. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets a vulnerability in the Wi-Fi firmware of iPhone 7 devices running iOS versions up to 10.3.3. It achieves remote code execution by injecting a backdoor into the firmware via crafted 802.11 action frames, allowing remote read/write access to the Wi-Fi chip.

Description

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textremoteios

https://www.exploit-db.com/exploits/42784

View Code ZIP pw:eip

This exploit targets a vulnerability in the Wi-Fi firmware of iPhone 7 devices running iOS versions up to 10.3.3. It achieves remote code execution by injecting a backdoor into the firmware via crafted 802.11 action frames, allowing remote read/write access to the Wi-Fi chip.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: iOS Wi-Fi firmware (up to 10.3.3)

No auth needed

Prerequisites: SoftMAC Wi-Fi dongle (e.g., TL-WN722N) · Modified hostapd with 802.11k RRM support · Target device connected to the malicious network

MITRE ATT&CK