cve-2021-1965's Introduction

CVE-2021-1965

CVE-2021-1965 WiFi Zero Click RCE Trigger PoC

Compile: make

BE SURE THAT monitor mode is enabled on your wifi card and interface name is updated here:

https://github.com/parsdefense/CVE-2021-1965/blob/main/CVE-2021-1965-poc.c#L158

This is a quick&dirty Proof-of-Concept code to verify if your phone is vulnerable. After running the poc code, your phone is supposed to crash&reboot within seconds. In case you need more info about the bug & vulnerable code, here you are:

Description: Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse

During multiple BSSID scan ie parse, there is memory allocation on new_ie variable of size 1024 which may create buffer overflow in util_gen_new_ie() if ie length is greater than 1024.

https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=a426e5e1668fff3dfe8bde777a9340cbc129f8df

cve-2021-1965's People

Contributors

Stargazers

Watchers

cve-2021-1965's Issues

Segmentation fault

$ ./poc
Segmentation fault
$ gdb ./poc
...
Reading symbols from ./poc...
(gdb) r
Starting program: /home/user/CVE-2021-1965/poc 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00005555555557f1 in main () at CVE-2021-1965-poc.c:289
289             mbssidp->len = convert_to_hex(sizeof(sub_info)+3);              // 3 is sub_id+sub_len+max_bssid;

parsdefense / cve-2021-1965 Goto Github PK

cve-2021-1965's Introduction

CVE-2021-1965

cve-2021-1965's People

Contributors

Stargazers

Watchers

Forkers

cve-2021-1965's Issues

Segmentation fault

Compile problem

Get shell

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent