diff --git a/Sming/Arch/Esp32/Platform/WifiEventsImpl.cpp b/Sming/Arch/Esp32/Platform/WifiEventsImpl.cpp index c1f372f3d4..3778593a55 100644 --- a/Sming/Arch/Esp32/Platform/WifiEventsImpl.cpp +++ b/Sming/Arch/Esp32/Platform/WifiEventsImpl.cpp @@ -11,6 +11,7 @@ */ #include "WifiEventsImpl.h" +#include #include #include @@ -66,6 +67,16 @@ void WifiEventsImpl::WifiEventHandler(void* arg, esp_event_base_t base, int32_t auto oldMode = WifiAuthMode(event->old_mode); auto newMode = WifiAuthMode(event->new_mode); debugf("mode: %d -> %d\n", oldMode, newMode); + + if((oldMode != AUTH_OPEN) && (newMode == AUTH_OPEN)) { + // CVE-2020-12638 workaround. + // TODO: Remove this workaround once ESP-IDF has the proper fix. + debugf("Potential downgrade attack. Reconnecting WiFi. See CVE-2020-12638 for more details\n"); + WifiStation.disconnect(); + WifiStation.connect(); + break; + } + if(onSTAAuthModeChange) { onSTAAuthModeChange(oldMode, newMode); } diff --git a/Sming/Arch/Esp8266/Platform/WifiEventsImpl.cpp b/Sming/Arch/Esp8266/Platform/WifiEventsImpl.cpp index d8e4fca199..2e4370e86d 100644 --- a/Sming/Arch/Esp8266/Platform/WifiEventsImpl.cpp +++ b/Sming/Arch/Esp8266/Platform/WifiEventsImpl.cpp @@ -11,6 +11,7 @@ */ #include "WifiEventsImpl.h" +#include #include static WifiEventsImpl events; @@ -48,6 +49,16 @@ void WifiEventsImpl::WifiEventHandler(System_Event_t* evt) auto oldMode = WifiAuthMode(evt->event_info.auth_change.old_mode); auto newMode = WifiAuthMode(evt->event_info.auth_change.new_mode); debugf("mode: %d -> %d\n", oldMode, newMode); + + if((oldMode != AUTH_OPEN) && (newMode == AUTH_OPEN)) { + // CVE-2020-12638 workaround. + // TODO: Remove this workaround once NON-OS SDK 3.0.x plays nicely with Sming + debugf("Potential downgrade attack. Reconnecting WiFi. See CVE-2020-12638 for more details\n"); + WifiStation.disconnect(); + WifiStation.connect(); + break; + } + if(onSTAAuthModeChange) { onSTAAuthModeChange(oldMode, newMode); }