CVE-2020-26143
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
11/05/2021
Last modified:
03/12/2021
Description
An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:* | ||
| cpe:2.3:h:alfa:awus036h:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com