Stack Based Buffer Overflow in Wireless LAN (WLAN) Chipset
On February 6, 2023, Qualcomm disclosed a vulnerability in the QCA Wireless LAN (WLAN) chipset product line. The CVE ID CVE-2022-33279 identifies the vulnerability. The Base CVSS score as of the time of evaluation is 9.8.
Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of a Cisco Meraki firmware running on an affected device or cause an Access Point ( AP) to reboot, resulting in a Denial of Service (DoS) condition.
Multiple products from the MR product family used the impacted Qualcomm chipset and are affected by this vulnerability.
Cisco Meraki has fixed this vulnerability in MR 29.5.1 or later firmware release. There are no workarounds that address this vulnerability.
The vulnerability is due to incorrect boundary checks of certain values in Wireless Network Management (WNM) frames. An unauthenticated, adjacent attacker within wireless range could exploit this vulnerability by sending crafted frames to an affected device. A stack-based buffer overflow condition may occur when the crafted frames are processed. A successful exploit could allow the attacker to trigger a denial of service (DoS) condition or execute arbitrary code in the context of a Cisco Meraki firmware running on an affected device.
This vulnerability affects the following Cisco Meraki devices:
MR45, MR55, MR28, MR78, MR36, MR36H, MR44, MR46, MR46E, MR56, MR76, MR86, MR57, CW9162I, CW9164I, CW9166I
Cisco Meraki has internally applied Qualcomm’s supplied fix to the following firmware releases. Please see the table below for fix information for each affected product:
|Model Number||Fixed Release|
Mitigation and remediation
There are no mitigations for this vulnerability. A firmware upgrade is required.