Author Topic: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution (Read 1291 times)

Antus67 · « **on:** January 22, 2019, 11:24:33 AM »

BY: Zeljka Zorz, Managing EditorJanuary 21, 2019

The discovery was made by Embedi researcher Denis Selianin, who decided to first analyze the code of the Marvell Avastar Wi-Fi driver code, which loads firmware to Wi-Fi SoC (system on chip), and then to engage in fuzzing the firmware.

“A device manufacturer supplies appropriate firmware images and operating system device drivers, so during startup, a driver can upload firmware enabling its main functionality to the Wi-Fi SoC,” he explained.

Full Article Here:https://www.helpnetsecurity.com/2019/01/21/marvell-avastar-wi-fi-vulnerability/

plodr · « **Reply #1 on:** January 22, 2019, 12:58:22 PM »

This is the part I was interested in

Quote

The vulnerable Marvell Avastar Wi-Fi can be found in Sony PlayStation 4, Microsoft Surface computers, Xbox One, Samsung Chromebooks, certain smartphones (e.g., Galaxy J1), Valve SteamLink and other devices.

There are so many security stories that I want to know at the outset, Do I need to worry?

Since I own a Galaxy J3 Emerge, I'll need to discover what wifi chipset is in my phone.

I also wonder what "other devices" are vulnerable.

LandzDown Forum

News:

Author Topic: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution (Read 1291 times)

Antus67

Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution

plodr

Re: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution