ESP32/8266 vulnerabilities

Hi,

How will this effect esphome using these devices, can we expect an code update to fix the identified issues?

https://hackaday.com/tag/esp8266/

It’s more likely that a thief takes your wallet tonight than you being a victim of this bug.

The “intruder” might need to be in wifi range to the ESP, the ESP must be trying to connect to another AP and the worst damage it can cause will be the ESP not connecting to your AP. Almost all of us use WPA which is not where the vulnerability is found.

2 Likes

There’s a GitHub issue to track this: https://github.com/esphome/issues/issues/652

Does anyone know which Arduino core Esphome uses? If it uses 2.3.0 (as I suspect) it’s subject to other vulnerabilities anyway…

1 Like

I think it uses 2.3.0 https://github.com/esphome/esphome/releases