CVE-2026-23812 | THREATINT

Description

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.

PUBLISHED Reserved 2026-01-16 | Published 2026-03-04 | Updated 2026-03-04 | Assigner hpe

MEDIUM: 4.3CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Product status

Default status

affected

10.8.0.0 (semver)

affected

10.7.0.0 (semver)

affected

10.4.0.0 (semver)

affected

8.13.0.0 (semver)

affected

8.12.0.0 (semver)

affected

8.10.0.0 (semver)

affected

Credits

Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven finder

References

support.hpe.com/...y?docId=hpesbnw05026en_us&docLocale=en_US

cve.org (CVE-2026-23812)

nvd.nist.gov (CVE-2026-23812)

Download JSON