less than 1 minute read

In case you missed it, Espressif announced a major Wi-Fi security vulnerability affecting all ESP32 chips with Wi-Fi.

When an ESP32 or ESP8266 SoC is connected to an encrypted Wi-Fi accesspoint, an attacker who injects a forged Wi-Fi beacon frame impersonating the access point can cause the SoC to switch to open authentication mode.

Basically a malicious actor can get your ESP32 to connect to a compromised access point allowing them TCP/IP access to the SoC.

The good news is that it does not allow the attacker to bypass TLS or gain access to the genuine access point you originally connected to.

Espressif has already fixed the issue in all major branches of IDF going back to v3.1 for the ESP32 and v2.1 for the ESP8266.

Since this is a security advisory it is also being tracked as CVE-2020-12638.

We recommend you update your version of IDF as soon as possible to close the security gap.