CVEFinder.io

CVE-2019-12586

🔶 medium
🔍 Scan for this CVE
Summary

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

CVSS Score
6.5
Medium
EPSS Score
2.4
Exploit Probability
Published Date
2019-09-04
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.8% of all 326,604 vulnerabilities in our database.

#170,379
Below average severity
Severity Percentile
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

📦 Affected Products 4

Vendor Product Status Affected Versions
espressif esp-idf Affected
≥ 2.0.0 ≤ 4.0.0
espressif esp8266_nonos_sdk Affected
≥ 2.2.0 ≤ 3.0.0
espressif arduino-esp32 Affected
≤ 1.0.2
espressif arduino-esp32 Affected
v1.0.3

🔗 References 3

https://github.com/Matheus-Garbelini/esp32_esp8266_a...
Exploit Third Party Advisory
https://github.com/espressif
Third Party Advisory
https://matheus-garbelini.github.io/home/post/esp32-...
Exploit Patch Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-42855 ⚠️ high 7.5 0.0 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Pr... 2026-05-12
CVE-2026-42854 ⛔ critical 9.8 0.3 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Pr... 2026-05-12
CVE-2026-41429 ⚠️ high 8.8 0.0 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Pr... 2026-04-24
CVE-2026-25507 🔶 medium 6.3 0.0 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1... 2026-02-04
CVE-2026-25508 🔶 medium 6.3 0.0 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1... 2026-02-04
CVE-2026-25532 🔶 medium 6.3 0.0 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1... 2026-02-04
These CVEs affect the same products