The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
2023-04-15T02:15:07.290
2025-02-06T16:15:31.443
Modified
CVSSv3.1: 7.5 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ieee | ieee_802.11 | * | Yes |
| Operating System | sonicwall | tz670_firmware | - | Yes |
| Hardware | sonicwall | tz670 | - | No |
| Operating System | sonicwall | tz570_firmware | - | Yes |
| Hardware | sonicwall | tz570 | - | No |
| Operating System | sonicwall | tz570p_firmware | - | Yes |
| Hardware | sonicwall | tz570p | - | No |
| Operating System | sonicwall | tz570w_firmware | - | Yes |
| Hardware | sonicwall | tz570w | - | No |
| Operating System | sonicwall | tz470_firmware | - | Yes |
| Hardware | sonicwall | tz470 | - | No |
| Operating System | sonicwall | tz470w_firmware | - | Yes |
| Hardware | sonicwall | tz470w | - | No |
| Operating System | sonicwall | tz370_firmware | - | Yes |
| Hardware | sonicwall | tz370 | - | No |
| Operating System | sonicwall | tz370w_firmware | - | Yes |
| Hardware | sonicwall | tz370w | - | No |
| Operating System | sonicwall | tz270_firmware | - | Yes |
| Hardware | sonicwall | tz270 | - | No |
| Operating System | sonicwall | tz270w_firmware | - | Yes |
| Hardware | sonicwall | tz270w | - | No |
| Operating System | sonicwall | tz600_firmware | - | Yes |
| Hardware | sonicwall | tz600 | - | No |
| Operating System | sonicwall | tz600p_firmware | - | Yes |
| Hardware | sonicwall | tz600p | - | No |
| Operating System | sonicwall | tz500_firmware | - | Yes |
| Hardware | sonicwall | tz500 | - | No |
| Operating System | sonicwall | tz500w_firmware | - | Yes |
| Hardware | sonicwall | tz500w | - | No |
| Operating System | sonicwall | tz400_firmware | - | Yes |
| Hardware | sonicwall | tz400 | - | No |
| Operating System | sonicwall | tz400w_firmware | - | Yes |
| Hardware | sonicwall | tz400w | - | No |
| Operating System | sonicwall | tz350_firmware | - | Yes |
| Hardware | sonicwall | tz350 | - | No |
| Operating System | sonicwall | tz350w_firmware | - | Yes |
| Hardware | sonicwall | tz350w | - | No |
| Operating System | sonicwall | tz300_firmware | - | Yes |
| Hardware | sonicwall | tz300 | - | No |
| Operating System | sonicwall | tz300p_firmware | - | Yes |
| Hardware | sonicwall | tz300p | - | No |
| Operating System | sonicwall | tz300w_firmware | - | Yes |
| Hardware | sonicwall | tz300w | - | No |
| Operating System | sonicwall | soho_250_firmware | - | Yes |
| Hardware | sonicwall | soho_250 | - | No |
| Operating System | sonicwall | soho_250w_firmware | - | Yes |
| Hardware | sonicwall | soho_250w | - | No |
| Operating System | sonicwall | sonicwave_231c_firmware | - | Yes |
| Hardware | sonicwall | sonicwave_231c | - | No |
| Operating System | sonicwall | sonicwave_224w_firmware | - | Yes |
| Hardware | sonicwall | sonicwave_224w | - | No |
| Operating System | sonicwall | sonicwave_432o_firmware | - | Yes |
| Hardware | sonicwall | sonicwave_432o | - | No |
| Operating System | sonicwall | sonicwave_621_firmware | - | Yes |
| Hardware | sonicwall | sonicwave_621 | - | No |
| Operating System | sonicwall | sonicwave_641_firmware | - | Yes |
| Hardware | sonicwall | sonicwave_641 | - | No |
| Operating System | sonicwall | sonicwave_681_firmware | - | Yes |
| Hardware | sonicwall | sonicwave_681 | - | No |