Login Sign Up

CVE-2017-9417

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

CVE-2017-9417 (Broadpwn) is a critical remote code execution vulnerability in Broadcom BCM43xx Wi-Fi chips that allows attackers to execute arbitrary code on affected devices without user interaction. This affects millions of Android and iOS devices, routers, and other IoT devices using these chips. Attackers can exploit this vulnerability when the device's Wi-Fi is enabled, even if not connected to a network.

💻 Affected Systems

Products:
  • Android devices
  • iOS devices
  • Routers with Broadcom BCM43xx chips
  • IoT devices with affected chips
Versions: Devices with Broadcom BCM43xx chips before firmware patches in 2017
Operating Systems: Android, iOS, Linux-based router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Wi-Fi enabled, regardless of connection status. Particularly widespread in mobile devices from 2014-2017.

📦 What is this software?

Bcm43xx Wi Fi Chipset Firmware by Broadcom

View all CVEs affecting Bcm43xx Wi Fi Chipset Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing persistent malware installation, data theft, and device takeover as part of botnets.

🟠

Likely Case

Remote code execution leading to data exfiltration, surveillance, or device bricking in targeted attacks.

🟢

If Mitigated

Limited impact with proper network segmentation and updated firmware, though risk remains for unpatched devices.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication when Wi-Fi is enabled.
🏢 Internal Only: MEDIUM - Requires proximity to target but can spread within wireless range.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code was publicly released and weaponized in the wild. Attack requires proximity but no user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by vendor - Android July 2017 security patch, iOS 10.3.3, router firmware updates from 2017

Vendor Advisory: https://source.android.com/security/bulletin/2017-07-01

Restart Required: Yes

Instructions:

1. Apply latest firmware/OS updates from device manufacturer. 2. For Android: Install July 2017 or later security patch. 3. For iOS: Update to iOS 10.3.3 or later. 4. For routers: Update to latest firmware from vendor.

🔧 Temporary Workarounds

Disable Wi-Fi when not needed

all

Turn off Wi-Fi radio to prevent exploitation

# Android: adb shell svc wifi disable
# iOS: Settings > Wi-Fi > Off
# Linux: sudo nmcli radio wifi off

Network segmentation

all

Isolate vulnerable devices from critical networks

🧯 If You Can't Patch

  • Replace affected hardware with updated chipsets
  • Implement strict network access controls and monitor for suspicious Wi-Fi activity

🔍 How to Verify

Check if Vulnerable:

Check device model and firmware version against vendor advisories. For Android: Settings > About phone > Android security patch level (should be July 2017 or later).

Check Version:

# Android: getprop ro.build.version.security_patch
# iOS: Settings > General > About > Version
# Linux routers: cat /proc/version

Verify Fix Applied:

Verify firmware version is patched per vendor recommendations and test Wi-Fi functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Wi-Fi driver crashes
  • Kernel panics related to networking
  • Unexpected firmware reloads

Network Indicators:

  • Malformed Wi-Fi frames targeting BCM43xx chips
  • Unusual broadcast/multicast traffic from devices

SIEM Query:

source="*kernel*" AND ("BCM43xx" OR "broadcom" OR "wifi") AND ("crash" OR "panic" OR "exception")

📊 Metadata

CVE ID: CVE-2017-9417
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: June 4, 2017
Last Updated: April 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON