1. What is WVE?
3. I think I have discovered a new wireless vulnerability. How should I submit it to WVE?
4. WVE is incomplete. Why don't you have an entry for the 'foo' vulnerability or an exploit for it?
6. How does WVE relate to CVE? They sound very similar.
7. Can I use the information in the WVE database on my own website, or in my own application?
8. Does WVE cover vulnerabilities in AP configuration interfaces?
9. Why doesn't WVE include tools as well as exploits?
WVE stands for Wireless Vulnerabilities and Exploits and is a system for cataloging vulnerabilities specific to wireless mediums and protocols along with the tools used to exploit them. WVE is a system similar to CVE or OSVDB, but with a much narrower scope. This is primarily because many of the entries found in CVE or OSVDB related to wireless devices concern vulnerabilities in the device's SNMP or web-based management interfaces. WVE seeks to document the vulnerabilities in the wireless protocols themselves. As such, WVE is not limited to just 802.11 and Bluetooth, but covers any communications medium or protocol that has a wireless focus.
Anyone can contribute. To submit an entry, just click the Submit Entry link in the menu to the left. You'll be prompted for the information required to create an entry. After you've submitted it, our editorial board will review it for inclusion in the database. This involves making sure the entry is within scope of how we define a vulnerability or exploit and that the entry is described accurately according to the references provided. Once a majority of the editorial board approves an entry, it becomes a permanent part of the database.
We encourage the use of responsible disclosure practices in matters dealing with newly discovered security vulnerabilities. However, if you have a vulnerability that you have disclosed, we would greatly appreciate it if you submitted an entry. For more information on responsible disclosure practices, see the links page. In addition, we appreciate any submissions for new exploits or attack tools that you have created.
We could never make WVE complete by ourselves. We need your help! If you know of a wireless vulnerability or exploit that is not included in WVE, then write a submission. You will get credit for your submission and you will be helping improve the universe of knowledge about wireless security.
The WVE site and database of vulnerabilities and exploits are maintained by an editorial board of security professionals with significant expertise in wireless security.
WVE is similar in nature to CVE, but has a different scope. CVE, or Common Exposures and Vulnerabilities, deals only with vulnerabilities in computer systems. On the other hand, WVE deals with both the vulnerabilities and the tools that are used to exploit them. Thus, in a sense it has a broader scope. However, WVE has a much narrower overall scope in that it is only concerned with vulnerabilities that affect wireless-related protocols. CVE does contain some entries related to wireless protocols, though, and you will find these included in the WVE database. We generally try to provide additional background information on these entries, but you will see that CVE is referenced for these vulnerabilities.
Yes, as long as the Terms of Use are followed. Essentially, linking to content on this site has no strings attached. However, if you take content from this site and repackage it on your own website or in your own product, then you must attribute it as described in the Terms of Use.
Yes. Although vulnerabilities in the web or SNMP configuration interfaces on APs may also be covered in other vulnerability databases, we have chosen to include them in WVE as well. There are two reasons for this:
The purpose of WVE is to improve communication between people and programs that care about wireless security. The reason to catalog and name wireless exploits is so that people who care about detecting these exploits and computer programs that automate that detection can have a common vocabulary. It is not our goal for WVE to be a general database of wireless networking information. We are only concerned with describing and providing common names for security issues.

