VDB

GCVE-110-MAGEIA-2014-429

GCVE-110-MAGEIA-2014-429
Advisory Published
Vulnetix · Advisory published October 28, 2014
A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in common use cases) (CVE-2014-3686). Using the Mageia wpa_supplicant package, systems are exposed to the vulnerability if operating as a WPS registrar. The Mageia hostapd package was not vulnerable with the configuration with which it was built, but if a sysadmin had rebuilt it with WPS enabled, it would be vulnerable.

Affected Products

VendorProductVersionsPlatforms
Mageiahostapd0 (affected), 1.1-2.1.mga3 (unaffected)
Mageiahostapd0 (affected), 2.0-2.1.mga4 (unaffected)
Mageiawpa_supplicant0 (affected), 1.1-4.1.mga3 (unaffected)
Mageiawpa_supplicant0 (affected), 2.0-2.1.mga4 (unaffected)

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›