
Wireless Vulnerabilities and Exploits

WVE is a standardized nomenclature for Vulnerabilities in wireless protocols and products, and the Exploits which take advantage of these vulnerabilities. It is also a database or catalog of these vulnerabilities and exploits.

WVE was inspired by other systems like CVE and OSVDB which catalog vulnerabilities. While these systems contain entries related to specific application issues with wireless devices, such as vulnerabilities in their SNMP or web-based management interfaces, there are few entries which cover issues inherent in the wireless protocols themselves. These databases tend to be focused on the application layer, whereas most wireless vulnerabilities manifest themselves lower in the stack, or are intrinsic in the medium or the protocol. WVE is designed to augment these existing databases—not to replicate or replace them—by focusing on the issues that they are not covering.

WVE is a community effort. Anyone is able to make a contribution to the database, and anyone can use the database for free provided they give an attribution according to the terms of use.

Definitions

To ensure consistency in WVE information, the following definitions of "wireless", "vulnerability" and "exploit" are to be used. These definitions constrain the scope of WVE and should be used when deciding whether or not a new discovery qualifies for inclusion in WVE.

Wireless

Any protocol or product specifically designed for wireless communication. This includes radio frequency (RF) protocols, as well as non-RF protocols such as those that use infra-red communication (e.g. IrDA). Wireless communication has two characteristics which differentiate it from wired communication:

  1. Physical barriers such as walls and doors do not constrain access to the protocol.*
  2. Due to the difficulty in achieving reliable wireless communication, the protocols tend to be more stateful and more complex than wired protocols.

* With the exception of IrDA.

These characteristics mean that wireless products are subject to a range of issues that are not present in wired products.

WVE was created to catalogue vulnerabilities and exploits for IEEE 802.11; however, it is not limited to 802.11. We are also concerned about other wireless protocols like Bluetooth, 802.16/WiMax, GSM, CDMA and any other standards that may become popular in the future. WVE only considers vulnerabilities and exploits that relate to the wireless aspect of wireless products. For example, vulnerabilities in the web-server on a wireless access point are not considered wireless vulnerabilities.

Vulnerability

A vulnerability is an aspect of a system or protocol that may be exploited to use the system or protocol in a manner other than that for which it was designed. Vulnerabilities allow:

A vulnerability might be taken advantage of by one or more exploits.

Wireless systems may have vulnerabilities directly in the protocol (such as the WEP flaws in 802.11), or the implementation of the protocol (issues where APs may not require authentication when they should), or in other aspects of the wireless infrastructure that directly affect the security of the wireless network (such as a vulnerability in the web interface of an AP). WVE covers all of these vulnerabilities.

Exploit

An exploit is a technique—such as a program, piece of code, set of steps or hardware device—which takes advantage of one or more vulnerabilities. For a program to be included in WVE as an exploit, its primary purpose must be to take advantage of a vulnerability to allow compromise of a network in one of the four ways listed above.

Tools which are primarily used for troubleshooting or protecting wireless networks are not exploits and will not be included.

Recent Entries

TKIP Replay and Plaintext Discovery
WVE-2008-0013 11/18/2008

Active Https Cookie Hijacking
WVE-2008-0012 9/18/2008

Auto Immune Attack
WVE-2008-0011 9/17/2008

Marvell Null SSID Association Request
WVE-2008-0010 9/15/2008

Marvell EAPOL-Key Length Overflow
WVE-2008-0009 9/15/2008

Atheros IE Tag Overflow
WVE-2008-0008 9/15/2008

Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008

Block ACK DoS
WVE-2008-0006 4/9/2008

GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008

HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008


News

SANS Institute Sponsors WVE
4/19/2008

Wireless Attackers and Honeypot Technology
4/15/2008

High Speed Risks in 802.11n Slides Posted
4/11/2008

Vulnerabilities in 802.11n
4/9/2008

WVE Editors Speaking at SHARKFEST.08
1/3/2008
