CVE-2019-12586

MEDIUM

Espressif ESP-IDF 2.0.0-4.0.0 and ESP8266_NONOS_SDK 2.2.0-3.1.0 - Denial of Service via EAP Success Message

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12586. PoCs published by Matheus-Garbelini.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2019-12586, which crashes ESP32/ESP8266 devices connected to enterprise networks via malformed EAP frames. It includes a modified hostapd binary and source code to trigger the vulnerability, along with test client codes for validation.

Description

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Exploits (1)

nomisec WORKING POC 816 stars
by Matheus-Garbelini · poc
https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

This repository contains functional exploit code for CVE-2019-12586, which crashes ESP32/ESP8266 devices connected to enterprise networks via malformed EAP frames. It includes a modified hostapd binary and source code to trigger the vulnerability, along with test client codes for validation.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: ESP32/ESP8266 SDKs (ESP-IDF v4.0-dev-459-gba1ff1692, NONOS-SDK v3.0-103-g7a31cb7)
No auth needed
Prerequisites: Wi-Fi interface capable of monitor mode, vulnerable ESP32/ESP8266 device, custom hostapd setup
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://github.com/espressif
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Matheus-Garbelini/esp32_esp8266_attacks
Exploit, Patch, Third Party Advisory x_refsource_misc
https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/

Scores

CVSS v3 6.5
EPSS 0.0235
EPSS Percentile 85.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (4)
espressif/arduino-esp32 1.0.3 (3 CPE variants)
espressif/arduino-esp32 < 1.0.2
espressif/esp-idf 2.0.0 - 4.0.0
espressif/esp8266_nonos_sdk 2.2.0 - 3.0.0
Published Sep 04, 2019
Tracked Since Feb 18, 2026