Analysis/exploitation of @nitayart's Broadpwn bug (CVE-2017-9417)


(imad) #1

Broadpwn is a heap overflow on Broadcom Wi-Fi chips. It's triggered when a device receives a WME (Quality-of-Service) information element with a malformed length from a connected network: http://boosterok.com/blog/broadpwn/ and http://boosterok.com/blog/broadpwn2/ for the exploitation
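
Added example, not part of the post above and not taken from the linked write-ups or from Broadcom's firmware: a C parser for tagged 802.11 elements that performs the length checks this class of bug is missing. Element ID 221 and OUI/type 00:50:F2:02 are the standard values for the WME/WMM vendor element; the 32-byte store, the struct and the function name are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_VENDOR     221  /* 802.11 vendor-specific element ID */
#define WME_STORE_LEN 32   /* hypothetical size of the driver's stored copy */
static const uint8_t WME_OUI_TYPE[4] = {0x00, 0x50, 0xF2, 0x02};

/* Hypothetical per-association state holding the last WME element seen. */
struct assoc_state { uint8_t wme_ie[WME_STORE_LEN]; size_t wme_len; };

/* Walk the tagged elements of a frame body and keep a copy of the WME one.
 * Returns 1 if stored, 0 if no WME element is present, -1 if malformed. */
int store_wme_ie(struct assoc_state *st, const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    while (off + 2 <= buflen) {
        uint8_t id = buf[off], len = buf[off + 1];
        const uint8_t *body = buf + off + 2;
        if (len > buflen - off - 2)
            return -1;                  /* element claims more than the frame holds */
        if (id == IE_VENDOR && len >= 4 && memcmp(body, WME_OUI_TYPE, 4) == 0) {
            if (len > sizeof st->wme_ie)
                return -1;              /* attacker-supplied length exceeds our buffer */
            memcpy(st->wme_ie, body, len);
            st->wme_len = len;
            return 1;
        }
        off += 2 + (size_t)len;
    }
    return off == buflen ? 0 : -1;      /* a stray trailing byte is malformed */
}

int main(void)
{
    /* Constructed frames: SSID + well-formed 7-byte WME element, then a
     * WME element whose length byte claims 200 bytes. */
    const uint8_t ok[] = {0, 3, 'a', 'b', 'c',
                          221, 7, 0x00, 0x50, 0xF2, 0x02, 0x00, 0x01, 0x00};
    uint8_t big[202];
    struct assoc_state st = {{0}, 0};
    memset(big, 0x41, sizeof big);
    big[0] = IE_VENDOR; big[1] = 200;
    memcpy(big + 2, WME_OUI_TYPE, sizeof WME_OUI_TYPE);
    printf("well-formed: %d\n", store_wme_ie(&st, ok, sizeof ok));
    printf("oversized:   %d\n", store_wme_ie(&st, big, sizeof big));
    return 0;
}
```

The second check is the one that matters here: the length byte comes from the network, so it has to be compared against the destination buffer before the copy, not only against the frame size.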


(Command-Line Ninja) #3

#4

Awesome! Thanks for sharing! =D

