An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/05/11/12 | Mailing List Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | Third Party Advisory |
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu | Third Party Advisory |
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | Third Party Advisory |
https://www.fragattacks.com | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
03 Dec 2021, 21:25
Type | Values Removed | Values Added |
---|---|---|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory | |
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory | |
CPE | cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:* cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:* cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:* |
28 Oct 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 May 2021, 19:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory | |
References | (MISC) https://www.fragattacks.com - Third Party Advisory | |
CPE | cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:* cpe:2.3:h:alfa:awus036h:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 6.5 |
Information
Published : 2021-05-11 20:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-26143
Mitre link : CVE-2020-26143
CVE.ORG link : CVE-2020-26143
JSON object : View
Products Affected
arista
- w-68_firmware
- c-75
- w-68
- o-90_firmware
- c-65
- c-75_firmware
- o-90
- c-65_firmware
siemens
- scalance_w700_ieee_802.11n_firmware
- scalance_w700_ieee_802.11n
alfa
- awus036h_firmware
- awus036h
CWE
CWE-20
Improper Input Validation