CVE-2020-26146

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:19

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory
References () https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory () https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory
References () https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory () https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory
References () https://www.fragattacks.com - Third Party Advisory () https://www.fragattacks.com - Third Party Advisory

06 Dec 2021, 13:45

Type Values Removed Values Added
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory
References (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory
CPE cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*

28 Oct 2021, 15:15

Type Values Removed Values Added
References
  • (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu -
  • (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 -
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf -

21 May 2021, 19:01

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory
References (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory
References (MISC) https://www.fragattacks.com - (MISC) https://www.fragattacks.com - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 2.9
v3 : 5.3
CPE cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*
CWE CWE-20

Information

Published : 2021-05-11 20:15

Updated : 2024-11-21 05:19


NVD link : CVE-2020-26146

Mitre link : CVE-2020-26146

CVE.ORG link : CVE-2020-26146


JSON object : View

Products Affected

arista

  • c-200_firmware
  • c-230_firmware
  • w-118_firmware
  • c-120
  • o-105
  • c-100
  • c-110_firmware
  • c-230
  • w-68_firmware
  • o-105_firmware
  • o-90
  • c-110
  • c-235_firmware
  • c-200
  • c-65
  • c-65_firmware
  • c-75_firmware
  • c-130
  • w-118
  • c-235
  • w-68
  • c-250_firmware
  • c-120_firmware
  • c-260
  • c-260_firmware
  • c-130_firmware
  • c-75
  • c-250
  • o-90_firmware
  • c-100_firmware

siemens

  • scalance_w700_ieee_802.11n_firmware
  • scalance_w1750d_firmware
  • scalance_w1700_ieee_802.11ac_firmware
  • scalance_w1700_ieee_802.11ac
  • scalance_w700_ieee_802.11n
  • scalance_w1750d

samsung

  • galaxy_i9305_firmware
  • galaxy_i9305
CWE
CWE-20

Improper Input Validation