CVE-2020-24586
published 2021-05-11

Severity: low, 3.5 (CVSS 3.1)
Vector: AV:A / AC:L / PR:N / UI:R / S:U / C:L / I:N / A:N
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Affected

33 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | c-200_firmware | < 11.0.0-36 | 11.0.0-36 |
| arista | c-230_firmware | < 10.0.1-31 | 10.0.1-31 |
| arista | c-235_firmware | < 10.0.1-31 | 10.0.1-31 |
| arista | c-250_firmware | < 10.0.1-31 | 10.0.1-31 |
| arista | c-260_firmware | < 10.0.1-31 | 10.0.1-31 |
| debian | debian_linux | | |
| debian | firmware-nonfree | < firmware-nonfree 20210818-1 (bookworm) | firmware-nonfree 20210818-1 (bookworm) |
| debian | linux | < firmware-nonfree 20210818-1 (bookworm) | firmware-nonfree 20210818-1 (bookworm) |
| intel | ac_3165_firmware | < 19.51.33.1 | 19.51.33.1 |
| intel | ac_3168_firmware | < 19.51.33.1 | 19.51.33.1 |
| intel | ac_7265_firmware | < 19.51.33.1 | 19.51.33.1 |
| intel | ac_8260_firmware | < 20.70.21.2 | 20.70.21.2 |
| intel | ac_8265_firmware | < 20.70.21.2 | 20.70.21.2 |
| intel | ac_9260_firmware | < 22.30.0.11 | 22.30.0.11 |
| intel | ac_9461_firmware | < 22.30.0.11 | 22.30.0.11 |
| intel | ac_9462_firmware | < 22.30.0.11 | 22.30.0.11 |
| intel | ac_9560_firmware | < 22.30.0.11 | 22.30.0.11 |
| intel | ax200_firmware | < 22.30.0.11 | 22.30.0.11 |
| intel | ax201_firmware | < 22.30.0.11 | 22.30.0.11 |
| intel | ax210_firmware | < 22.30.0.11 | 22.30.0.11 |
| linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1 |
| linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1 |
| linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1 |
| linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1 |
| linux | linux_kernel | >= 0 < 4.15.0-151.157 | 4.15.0-151.157 |

CVSS provenance

nvd: v3.1, 3.5 LOW, CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
osv: 3.5 LOW