Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
294
VMScore

CVE-2020-26141

Published: 11/05/2021 Updated: 22/04/2022
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 294
Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Alfa

Vulnerability Summary

An issue exists in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

alfa awus036h_firmware 6.1316.1209

cisco meraki_gr10_firmware

cisco meraki_gr60_firmware

cisco meraki_mr20_firmware

cisco meraki_mr30h_firmware

cisco meraki_mr33_firmware

cisco meraki_mr36_firmware

cisco meraki_mr42_firmware

cisco meraki_mr42e_firmware

cisco meraki_mr44_firmware

cisco meraki_mr45_firmware

cisco meraki_mr46_firmware

cisco meraki_mr46e_firmware

cisco meraki_mr52_firmware

cisco meraki_mr53_firmware

cisco meraki_mr53e_firmware

cisco meraki_mr55_firmware

cisco meraki_mr56_firmware

cisco meraki_mr70_firmware

cisco meraki_mr74_firmware

cisco meraki_mr76_firmware

cisco meraki_mr84_firmware

cisco meraki_mr86_firmware

cisco meraki_mr12_firmware

cisco meraki_mr18_firmware

cisco meraki_mr26_firmware

cisco meraki_mr32_firmware

cisco meraki_mr34_firmware

cisco meraki_mr62_firmware

cisco meraki_mr66_firmware

cisco meraki_mr72_firmware

cisco meraki_mx64w_firmware

cisco meraki_mx65w_firmware

cisco meraki_mx67w_firmware

cisco meraki_mx67cw_firmware

cisco meraki_mx68w_firmware

cisco meraki_mx68cw_firmware

cisco meraki_z3_firmware

cisco meraki_z3c_firmware

cisco wireless_ip_phone_8821_firmware

cisco ip_phone_6861_firmware

cisco ip_phone_8861_firmware

cisco ip_phone_8865_firmware

cisco ip_conference_phone_8832_firmware

cisco webex_room_series_firmware

cisco webex_desk_series_firmware

cisco webex_board_series_firmware

cisco webex_wireless_phone_860_firmware

cisco webex_wireless_phone_840_firmware

siemens 6gk5778-1gy00-0ab0_firmware -

siemens 6gk5778-1gy00-0aa0_firmware -

siemens 6gk5721-1fc00-0aa0_firmware -

siemens 6gk5721-1fc00-0ab0_firmware -

siemens 6gk5722-1fc00-0aa0_firmware -

siemens 6gk5722-1fc00-0ab0_firmware -

siemens 6gk5722-1fc00-0ac0_firmware -

siemens 6gk5734-1fx00-0aa0_firmware -

siemens 6gk5734-1fx00-0aa6_firmware -

siemens 6gk5734-1fx00-0ab0_firmware -

siemens 6gk5734-1fx00-0ab6_firmware -

siemens 6gk5738-1gy00-0aa0_firmware -

siemens 6gk5738-1gy00-0ab0_firmware -

siemens 6gk5748-1fc00-0aa0_firmware -

siemens 6gk5748-1fc00-0ab0_firmware -

siemens 6gk5748-1gd00-0aa0_firmware -

siemens 6gk5748-1gd00-0ab0_firmware -

siemens 6gk5761-1fc00-0aa0_firmware -

siemens 6gk5761-1fc00-0ab0_firmware -

siemens 6gk5774-1fx00-0aa0_firmware -

siemens 6gk5774-1fx00-0aa6_firmware -

siemens 6gk5774-1fx00-0ab0_firmware -

siemens 6gk5774-1fx00-0ab6_firmware -

siemens 6gk5774-1fy00-0ta0_firmware -

siemens 6gk5774-1fy00-0tb0_firmware -

siemens 6gk5778-1gy00-0ta0_firmware -

siemens 6gk5778-1gy00-0tb0_firmware -

siemens 6gk5786-1fc00-0aa0_firmware -

siemens 6gk5786-1fc00-0ab0_firmware -

siemens 6gk5786-2fc00-0aa0_firmware -

siemens 6gk5786-2fc00-0ab0_firmware -

siemens 6gk5786-2fc00-0ac0_firmware -

siemens 6gk5786-2hc00-0aa0_firmware -

siemens 6gk5786-2hc00-0ab0_firmware -

siemens 6gk5788-1fc00-0aa0_firmware -

siemens 6gk5788-1fc00-0ab0_firmware -

siemens 6gk5788-1gd00-0aa0_firmware -

siemens 6gk5788-1gd00-0ab0_firmware -

siemens 6gk5788-2fc00-0aa0_firmware -

siemens 6gk5788-2fc00-0ab0_firmware -

siemens 6gk5788-2fc00-0ac0_firmware -

siemens 6gk5788-2gd00-0aa0_firmware -

siemens 6gk5788-2gd00-0ab0_firmware -

siemens 6gk5788-2gd00-0ta0_firmware -

siemens 6gk5788-2gd00-0tb0_firmware -

siemens 6gk5788-2gd00-0tc0_firmware -

Vendor Advisories

Ubuntu Security Notice: USN-5361-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2020-26141
A vulnerability was found in Linux kernel's WiFi implementation An attacker within wireless range can inject a control packet fragment where the kernel does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames ...
Cisco: Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public This paper discusses 12 vulnerabilities in the 80211 standard One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are impl ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-004
A flaw was found in the Linux kernels implementation of wifi fragmentation handling An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device (CVE-2020-24586) A flaw was found in the Linux kernel ...
Amazon Linux 2: ALAS2KERNEL-5.10-2022-002
A flaw was found in the Linux kernels implementation of wifi fragmentation handling An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device (CVE-2020-24586) A flaw was found in the Linux kernel ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-1879 linux 5122arch1-1 Medium Vulnerable ...

ICS Advisories

Siemens SCALANCE FragAttacks

Mailing Lists

Full Disclosure: various 802.11 security issues - fragattacks.com
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> various 80211 security issues - fragattackscom <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Johannes Berg &l ...

References

CWE-354https://www.fragattacks.comhttps://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdhttp://www.openwall.com/lists/oss-security/2021/05/11/12https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWuhttps://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5361-1https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook