Synology-SA-19:07 Marvell Avastar SoC
Publish Time: 2019-02-15 18:03:26 UTC+8
Last Updated: 2019-02-15 18:03:26 UTC+8
- Not affected
CVE-2019-6496 allows remote attackers to conduct denial-of-service attacks or execute arbitrary code.
None of Synology's products are affected as CVE-2019-6496 only affects products equipped with Marvell Avastar SoC.
|Product||Severity||Fixed Release Availability|
|SRM 1.2||Not affected||N/A|
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.
|1||2019-02-15||Initial public release.|