Vulnerabilities (CVE)

Filtered by vendor Samsung Subscribe
Filtered by product Galaxy I9305
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26145 2 Samsung, Siemens 26 Galaxy I9305, Galaxy I9305 Firmware, 6gk5763-1al00-3aa0 and 23 more 2024-02-04 3.3 LOW 6.5 MEDIUM
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
CVE-2020-26144 3 Arista, Samsung, Siemens 36 C-100, C-100 Firmware, C-110 and 33 more 2024-02-04 3.3 LOW 6.5 MEDIUM
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
CVE-2020-26146 3 Arista, Samsung, Siemens 38 C-100, C-100 Firmware, C-110 and 35 more 2024-02-04 2.9 LOW 5.3 MEDIUM
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.