Synology-SA-19:07 Marvell Avastar SoC
Publish Time: 2019-02-15 18:03:26 UTC+8
Last Updated: 2019-02-15 18:03:26 UTC+8
- Severity
- Not affected
- Status
- Resolved
Abstract
CVE-2019-6496 allows remote attackers to conduct denial-of-service attacks or execute arbitrary code.
None of Synology's products are affected as CVE-2019-6496 only affects products equipped with Marvell Avastar SoC.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.2 | Not affected | N/A |
Mitigation
None
Detail
- CVE-2019-6496
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2019-02-15 | Initial public release. |