CVE-2020-26145

MEDIUM6.5

An issue was discovered on Samsung Galaxy S3 i9305 4

Published May 11, 2021

Modified 1 years ago

Details

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

References

WEBhttp://www.openwall.com/lists/oss-security/2021/05/11/12 WEBhttps://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf WEBhttps://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2020-26145 WEBhttps://www.fragattacks.com

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

AdjacentAV:A

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

HighI:H

Availability

NoneA:N

6.5/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Ecosystems

Timeline

PublishedMay 11, 2021

ModifiedAug 4, 2024