CVE-2020-26143Improper Input Validation in Awus036h Firmware

CWE-20Improper Input ValidationCWE-345Insufficient Verification of Data AuthenticityCWE-772Missing Release of Resource after Effective LifetimeCWE-99Resource InjectionCWE-346Origin Validation Error6 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 39.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Alfa Awus036h Firmware
Timeline
PublishedMay 11
Latest updateMay 24

Description

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDalfa/awus036h_firmware1030.36.604

🔴Vulnerability Details

3
GHSA
GHSA-c49c-jx24-458g: An issue was discovered in the ALFA Windows 10 driver 10302022-05-24
CVEList
CVE-2020-26143: An issue was discovered in the ALFA Windows 10 driver 10302021-05-11
OSV
CVE-2020-26143: An issue was discovered in the ALFA Windows 10 driver 10302021-05-11

📋Vendor Advisories

2
Cisco
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 20212021-05-11
Red Hat
kernel: accepting fragmented plaintext frames in protected networks2021-05-11
CVE-2020-26143 — Improper Input Validation | cvebase