CVE-2020-26144

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11ax:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:19

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory
References () https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory () https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory
References () https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory () https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory
References () https://www.fragattacks.com - Third Party Advisory () https://www.fragattacks.com - Third Party Advisory

04 Dec 2021, 01:48

Type Values Removed Values Added
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory
References (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory
CPE cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11ax:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*

28 Oct 2021, 15:15

Type Values Removed Values Added
References
  • (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu -
  • (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 -
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf -

21 May 2021, 19:02

Type Values Removed Values Added
CWE CWE-20
CPE cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.3
v3 : 6.5
References (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory
References (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory
References (MISC) https://www.fragattacks.com - (MISC) https://www.fragattacks.com - Third Party Advisory

Information

Published : 2021-05-11 20:15

Updated : 2024-11-21 05:19


NVD link : CVE-2020-26144

Mitre link : CVE-2020-26144

CVE.ORG link : CVE-2020-26144


JSON object : View

Products Affected

arista

  • c-200_firmware
  • c-230_firmware
  • w-118_firmware
  • c-120
  • o-105
  • c-100
  • c-110_firmware
  • c-230
  • w-68_firmware
  • o-105_firmware
  • o-90
  • c-110
  • c-235_firmware
  • c-200
  • c-65
  • c-65_firmware
  • c-75_firmware
  • c-130
  • w-118
  • c-235
  • w-68
  • c-250_firmware
  • c-120_firmware
  • c-260
  • c-260_firmware
  • c-130_firmware
  • c-75
  • c-250
  • o-90_firmware
  • c-100_firmware

siemens

  • scalance_w700_ieee_802.11ax_firmware
  • scalance_w700_ieee_802.11n_firmware
  • scalance_w700_ieee_802.11ax
  • scalance_w700_ieee_802.11n

samsung

  • galaxy_i9305_firmware
  • galaxy_i9305
CWE
CWE-20

Improper Input Validation