Assistant Professor Sudipta Chattopadhyay and his team have publicly released three Wi-Fi vulnerabilities (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588) discovered through their research on Over-the-air Fuzzing. They have also made part of their framework that exploit these vulnerabilities open source via: https://matheus-garbelini.github.io/home/post/ The scientific methodologies behind the discovery will be released in public within 2-3 weeks (as it is pending provisional patent application).

The post on Hackernews has attracted significant attention: https://news.ycombinator.com/item?id=20867758 The GitHub repository can be found here: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

HackaDay has also covered this recent find: https://hackaday.com/2019/09/05/esp8266-and-esp32-wifi-hacked/