CVE-2020-26144

CWE-20 — Improper Input Validation CWE-345 CWE-772 CWE-99 CWE-2908 documents8 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 33.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

12

Arista C-100 Firmware Arista C-110 Firmware Arista C-120 Firmware +9 more

Timeline

PublishedMay 11

Latest updateMay 24

Description

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

▶NVDsamsung/galaxy_i9305_firmware4.4.4

▶NVDarista/c-100_firmware< 11.0.0-36

▶NVDarista/c-110_firmware< 11.0.0-36

▶NVDarista/c-120_firmware< 11.0.0-36

▶NVDarista/c-130_firmware< 11.0.0-36

🔴Vulnerability Details

3

GHSA

GHSA-89fj-xvf5-gc78: An issue was discovered on Samsung Galaxy S3 i9305 4↗2022-05-24

▶

OSV

CVE-2020-26144: An issue was discovered on Samsung Galaxy S3 i9305 4↗2021-05-11

▶

CVEList

CVE-2020-26144: An issue was discovered on Samsung Galaxy S3 i9305 4↗2021-05-11

▶

📋Vendor Advisories

4

BSD

FreeBSD-SA-22:02.wifi: Multiple WiFi issues↗2022-03-15

▶

Cisco

Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021↗2021-05-11

▶

Microsoft

Windows Wireless Networking Spoofing Vulnerability↗2021-05-11

▶

Red Hat

kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header↗2021-05-11

▶

CVE-2020-26144 (MEDIUM CVSS 6.5) | An issue was discovered on Samsung | cvebase.io