
In case you missed it, Espressif announced a major Wi-Fi security vulnerability affecting all ESP32 chips with Wi-Fi.

When an ESP32 or ESP8266 SoC is connected to an encrypted Wi-Fi access point, an attacker who injects a forged Wi-Fi beacon frame impersonating the access point can cause the SoC to switch to open authentication mode.

Basically, a malicious actor can get your ESP32 to connect to a compromised access point, giving them TCP/IP access to the SoC.

The good news is that it does not allow the attacker to bypass TLS or gain access to the genuine access point you originally connected to.

Espressif has already fixed the issue in all major branches of IDF going back to v3.1 for the ESP32 and v2.1 for the ESP8266.

Since this is a security advisory, it is also being tracked as CVE-2020-12638.

We recommend you update your version of IDF as soon as possible to close the security gap.
