CVE-2019-3405
First published: Mon Jan 11 2021(Updated: )
In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from the wireless, so as to attack the router wireless by DoS. At present, the vulnerability has been effectively handled, and users can fix the vulnerability after updating the firmware version.
Credit: security@360.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 360 360f5 | <=3.1.3.64296 | |
| 360 360f5 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-3405?
CVE-2019-3405 has a medium severity rating due to its potential to disrupt wireless connectivity.
How do I fix CVE-2019-3405?
To fix CVE-2019-3405, upgrade to version 3.1.3.64297 or later of the 360F5 firmware.
What devices are affected by CVE-2019-3405?
CVE-2019-3405 affects the 360F5 firmware versions 3.1.3.64296 and lower.
What type of attack does CVE-2019-3405 enable?
CVE-2019-3405 enables an attacker to disconnect other wireless terminals from the router.
Is CVE-2019-3405 a remote attack vulnerability?
Yes, CVE-2019-3405 can be exploited remotely by sending a specially crafted illegal 802.11 Null Data Frame.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/360
- canonical/360 360f5
- version/360 360f5/3.1.3.64296
- canonical/360 360f5 firmware