VYPR
Unrated severityNVD Advisory· Published Feb 11, 2025· Updated Nov 3, 2025

CVE-2022-37660

CVE-2022-37660

Description

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • W1.fi/Hostapdcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=2.10

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.