Author Topic: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution  (Read 1291 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 94
BY: Zeljka Zorz, Managing EditorJanuary 21, 2019

The discovery was made by Embedi researcher Denis Selianin, who decided to first analyze the code of the Marvell Avastar Wi-Fi driver code, which loads firmware to Wi-Fi SoC (system on chip), and then to engage in fuzzing the firmware.

“A device manufacturer supplies appropriate firmware images and operating system device drivers, so during startup, a driver can upload firmware enabling its main functionality to the Wi-Fi SoC,” he explained.

Full Article Here:

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1479
This is the part I was interested in
The vulnerable Marvell Avastar Wi-Fi can be found in Sony PlayStation 4, Microsoft Surface computers, Xbox One, Samsung Chromebooks, certain smartphones (e.g., Galaxy J1), Valve SteamLink and other devices.

There are so many security stories that I want to know at the outset, Do I need to worry?

Since I own a Galaxy J3 Emerge, I'll need to discover what wifi chipset is in my phone.

I also wonder what "other devices" are vulnerable.