CVE-2020-26141

Published: 11/05/2021 Updated: 22/04/2022

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 294

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N

An issue exists in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alfa awus036h firmware 6.1316.1209
cisco meraki gr10 firmware
cisco meraki gr60 firmware
cisco meraki mr20 firmware
cisco meraki mr30h firmware
cisco meraki mr33 firmware
cisco meraki mr36 firmware
cisco meraki mr42 firmware
cisco meraki mr42e firmware
cisco meraki mr44 firmware
cisco meraki mr45 firmware
cisco meraki mr46 firmware
cisco meraki mr46e firmware
cisco meraki mr52 firmware
cisco meraki mr53 firmware
cisco meraki mr53e firmware
cisco meraki mr55 firmware
cisco meraki mr56 firmware
cisco meraki mr70 firmware
cisco meraki mr74 firmware
cisco meraki mr76 firmware
cisco meraki mr84 firmware
cisco meraki mr86 firmware
cisco meraki mr12 firmware
cisco meraki mr18 firmware
cisco meraki mr26 firmware
cisco meraki mr32 firmware
cisco meraki mr34 firmware
cisco meraki mr62 firmware
cisco meraki mr66 firmware
cisco meraki mr72 firmware
cisco meraki mx64w firmware
cisco meraki mx65w firmware
cisco meraki mx67w firmware
cisco meraki mx67cw firmware
cisco meraki mx68w firmware
cisco meraki mx68cw firmware
cisco meraki z3 firmware
cisco meraki z3c firmware
cisco wireless ip phone 8821 firmware
cisco ip phone 6861 firmware
cisco ip phone 8861 firmware
cisco ip phone 8865 firmware
cisco ip conference phone 8832 firmware
cisco webex room series firmware
cisco webex desk series firmware
cisco webex board series firmware
cisco webex wireless phone 860 firmware
cisco webex wireless phone 840 firmware
siemens 6gk5778-1gy00-0ab0 firmware -
siemens 6gk5778-1gy00-0aa0 firmware -
siemens 6gk5721-1fc00-0aa0 firmware -
siemens 6gk5721-1fc00-0ab0 firmware -
siemens 6gk5722-1fc00-0aa0 firmware -
siemens 6gk5722-1fc00-0ab0 firmware -
siemens 6gk5722-1fc00-0ac0 firmware -
siemens 6gk5734-1fx00-0aa0 firmware -
siemens 6gk5734-1fx00-0aa6 firmware -
siemens 6gk5734-1fx00-0ab0 firmware -
siemens 6gk5734-1fx00-0ab6 firmware -
siemens 6gk5738-1gy00-0aa0 firmware -
siemens 6gk5738-1gy00-0ab0 firmware -
siemens 6gk5748-1fc00-0aa0 firmware -
siemens 6gk5748-1fc00-0ab0 firmware -
siemens 6gk5748-1gd00-0aa0 firmware -
siemens 6gk5748-1gd00-0ab0 firmware -
siemens 6gk5761-1fc00-0aa0 firmware -
siemens 6gk5761-1fc00-0ab0 firmware -
siemens 6gk5774-1fx00-0aa0 firmware -
siemens 6gk5774-1fx00-0aa6 firmware -
siemens 6gk5774-1fx00-0ab0 firmware -
siemens 6gk5774-1fx00-0ab6 firmware -
siemens 6gk5774-1fy00-0ta0 firmware -
siemens 6gk5774-1fy00-0tb0 firmware -
siemens 6gk5778-1gy00-0ta0 firmware -
siemens 6gk5778-1gy00-0tb0 firmware -
siemens 6gk5786-1fc00-0aa0 firmware -
siemens 6gk5786-1fc00-0ab0 firmware -
siemens 6gk5786-2fc00-0aa0 firmware -
siemens 6gk5786-2fc00-0ab0 firmware -
siemens 6gk5786-2fc00-0ac0 firmware -
siemens 6gk5786-2hc00-0aa0 firmware -
siemens 6gk5786-2hc00-0ab0 firmware -
siemens 6gk5788-1fc00-0aa0 firmware -
siemens 6gk5788-1fc00-0ab0 firmware -
siemens 6gk5788-1gd00-0aa0 firmware -
siemens 6gk5788-1gd00-0ab0 firmware -
siemens 6gk5788-2fc00-0aa0 firmware -
siemens 6gk5788-2fc00-0ab0 firmware -
siemens 6gk5788-2fc00-0ac0 firmware -
siemens 6gk5788-2gd00-0aa0 firmware -
siemens 6gk5788-2gd00-0ab0 firmware -
siemens 6gk5788-2gd00-0ta0 firmware -
siemens 6gk5788-2gd00-0tb0 firmware -
siemens 6gk5788-2gd00-0tc0 firmware -

Several security issues were fixed in the Linux kernel ...

A vulnerability was found in Linux kernel's WiFi implementation An attacker within wireless range can inject a control packet fragment where the kernel does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames ...

A flaw was found in the Linux kernels implementation of wifi fragmentation handling An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device (CVE-2020-24586) A flaw was found in the Linux kernel ...

On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public This paper discusses 12 vulnerabilities in the 80211 standard One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are impl ...

Severity Unknown Remote Unknown Type Unknown Description AVG-1879 linux 5122arch1-1 Medium Vulnerable ...

Hi, Several security issues in the 80211 implementations were found by Mathy Vanhoef (New York University Abu Dhabi), who has published all the details at papersmathyvanhoefcom/usenix2021pdf and wwwfragattackscom/ For Linux, we've developed the set of patches posted here: lorekernelorg/linux-wi ...

CWE-354 https://www.fragattacks.com https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5361-1 https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-04

CVE-2020-26141

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect