GCVE - cpe:2.3:a:espressif:esp8266_nonos_sdk:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:espressif:esp8266_nonos_sdk:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Espressif (`df5bdb83-6e76-51c7-9f3a-58b3951d8668`)
Product	Esp8266 Nonos Sdk (`dbeeda40-205f-5522-9e3c-3e00cf7cc821`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/espressif/esp8266_nonos_sdk`	purl2cpe	2026-06-01 10:12:28.175007

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-12638`	vulnerable	2026-06-03 14:41:35.042330	Details available An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. Published: 2020-07-23T15:41:58.000Z Updated: 2024-08-04T12:04:22.314Z Open on db.gcve.eu Reference links https://github.com/espressif/esp-idf https://github.com/espressif/ESP8266_NONOS_SDK https://github.com/espressif/ESP8266_RTOS_SDK https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12588`	vulnerable	2026-06-03 14:39:35.087412	Details available The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. Published: 2019-09-04T11:30:13.000Z Updated: 2024-08-04T23:24:38.700Z Open on db.gcve.eu Reference links https://github.com/espressif https://github.com/Matheus-Garbelini/esp32_esp8266_attacks https://matheus-garbelini.github.io/home/post/esp8266-beacon-frame-crash/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12587`	vulnerable	2026-06-03 14:39:35.085933	Details available The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point. Published: 2019-09-04T11:31:48.000Z Updated: 2024-08-04T23:24:38.689Z Open on db.gcve.eu Reference links https://github.com/espressif https://github.com/Matheus-Garbelini/esp32_esp8266_attacks https://matheus-garbelini.github.io/home/post/zero-pmk-installation/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12586`	vulnerable	2026-06-03 14:39:35.085484	Details available The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. Published: 2019-09-04T20:00:45.000Z Updated: 2024-08-04T23:24:38.851Z Open on db.gcve.eu Reference links https://github.com/espressif https://github.com/Matheus-Garbelini/esp32_esp8266_attacks https://matheus-garbelini.github.io/home/post/esp32-esp8266-eap-crash/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.