CVE-2020-26143

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:*
cpe:2.3:h:alfa:awus036h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

History

03 Dec 2021, 21:25

Type Values Removed Values Added
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory
References (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory
CPE cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

28 Oct 2021, 15:15

Type Values Removed Values Added
References
  • (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu -
  • (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 -
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf -

19 May 2021, 19:17

Type Values Removed Values Added
CWE CWE-20
References (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory
References (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory
References (MISC) https://www.fragattacks.com - (MISC) https://www.fragattacks.com - Third Party Advisory
CPE cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:*
cpe:2.3:h:alfa:awus036h:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.3
v3 : 6.5

Information

Published : 2021-05-11 20:15

Updated : 2024-02-04 21:47


NVD link : CVE-2020-26143

Mitre link : CVE-2020-26143

CVE.ORG link : CVE-2020-26143


JSON object : View

Products Affected

arista

  • w-68_firmware
  • c-75
  • w-68
  • o-90_firmware
  • c-65
  • c-75_firmware
  • o-90
  • c-65_firmware

siemens

  • scalance_w700_ieee_802.11n_firmware
  • scalance_w700_ieee_802.11n

alfa

  • awus036h_firmware
  • awus036h
CWE
CWE-20

Improper Input Validation