Vulnerabilities:

CVE-2023-52160 (wpa_supplicant) and CVE-2023-52161 (Intel’s iNet Wireless Daemon) allow attackers to:

• Trick users into joining fake Wi-Fi networks: Attackers can create malicious clones of legitimate networks and steal user data.
• Gain unauthorized access to secure Wi-Fi networks: Attackers can join password-protected networks without needing the password, putting devices and data at risk.

Affected devices:

• CVE-2023-52160: Android devices using wpa_supplicant versions 2.10 and prior (requires specific configuration).
• CVE-2023-52161: Linux devices using iNet Wireless Daemon versions 2.12 and lower (any network using a Linux access point).

Mitigation:

• Update your Linux distribution and ChromeOS (version 118 or later).
• Android fix not yet available, but manually configure CA certificate for any saved enterprise networks as a temporary workaround.

Exploitation:

• Attacker needs SSID and physical proximity for CVE-2023-52160.
• CVE-2023-52161 requires no special knowledge, affecting any vulnerable network.

Links:

• Research article: https://www.top10vpn.com/research/wifi-vulnerabilities/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52160
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52161