CVE-2014-3686
EPSS 4.5%wpa - security update
Published: 10/16/2014Modified: 4/28/2026
Description
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
Affected packages (3)
- Debian/wpafrom 0, < 2.3-1
- Debian/wpafrom 0, < 1.0-3+deb7u1
- Debian/wpasupplicantfrom 0, < 0.6.10-2.1+deb6u1