Sign-up

ID

VAR-201704-1478


CVE

CVE-2017-6956


TITLE

Broadcom Wi-Fi HardMAC SoC of fbt Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002957

DESCRIPTION

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). Broadcom Wi-Fi HardMAC SoC of fbt The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Broadcom Wi-Fi HardMAC SoC is a chip produced by Broadcom (Broadcom) for processing PHY and MAC layer processes. A stack buffer overflow vulnerability exists in Broadcom Wi-Fi HardMAC SoCs using fbt firmware. A remote attacker could exploit this vulnerability to execute code

Trust: 1.71

sources: NVD: CVE-2017-6956 // JVNDB: JVNDB-2017-002957 // VULHUB: VHN-115159

IOT TAXONOMY

category:['network device', 'embedded device']sub_category:Wi-Fi router

Trust: 0.1

category:['network device', 'embedded device']sub_category:SoC

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:broadcommodel:hardmac wi-fi socscope:eqversion:6.37.34.40

Trust: 1.6

vendor:broadcommodel:hardmac wi-fi socscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-002957 // CNNVD: CNNVD-201704-238 // NVD: CVE-2017-6956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6956
value: HIGH

Trust: 1.0

NVD: CVE-2017-6956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-238
value: HIGH

Trust: 0.6

VULHUB: VHN-115159
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6956
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115159
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6956
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115159 // JVNDB: JVNDB-2017-002957 // CNNVD: CNNVD-201704-238 // NVD: CVE-2017-6956

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115159 // JVNDB: JVNDB-2017-002957 // NVD: CVE-2017-6956

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201704-238

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-238

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002957

PATCH
title:Top Pageurl:https://jp.broadcom.com/
Trust: 0.8
title:Issue 1059url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
Trust: 0.8
title:Broadcom Wi-Fi HardMAC SoC Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69074
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-002957 // 
            
            
            
            CNNVD: CNNVD-201704-238

EXTERNAL IDS
db:NVDid:CVE-2017-6956
Trust: 2.6
db:JVNDBid:JVNDB-2017-002957
Trust: 0.8
db:CNNVDid:CNNVD-201704-238
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-115159
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-115159 // 
            
            
            
            JVNDB: JVNDB-2017-002957 // 
            
            
            
            CNNVD: CNNVD-201704-238 // 
            
            
            
            NVD: CVE-2017-6956

REFERENCES
url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
Trust: 1.7
url:https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6956
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6956
Trust: 0.8
url:https://googleprojectzero.blogspot.jp/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-115159 // 
            
            
            
            JVNDB: JVNDB-2017-002957 // 
            
            
            
            CNNVD: CNNVD-201704-238 // 
            
            
            
            NVD: CVE-2017-6956

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-115159
db:JVNDBid:JVNDB-2017-002957
db:CNNVDid:CNNVD-201704-238
db:NVDid:CVE-2017-6956

LAST UPDATE DATE
2025-04-20T22:11:23.505000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115159date:2017-04-11T00:00:00
db:JVNDBid:JVNDB-2017-002957date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201704-238date:2017-04-07T00:00:00
db:NVDid:CVE-2017-6956date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-115159date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-002957date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201704-238date:2017-04-07T00:00:00
db:NVDid:CVE-2017-6956date:2017-04-05T14:59:00.370