CVE-2019-5062

MEDIUM

Hostapd 2.6 - DoS

Title source: llm

Description

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.

References (1)

[Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 16.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-346 CWE-440

Status published

Affected Products (1)

w1.fi/hostapd

Timeline

Published Dec 12, 2019

Tracked Since Feb 18, 2026