Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure

Overview

Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.

Description

The Bluetooth Core Specification and Mesh Profile Specification are two specifications used to define the technical and policy requirements for devices that want to operate over Bluetooth connections. Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have identified a number of vulnerabilities in each specification that allow impersonation attacks and AuthValue disclosures.

Devices supporting the Bluetooth Core Specification are affected by the following vulnerabilities:

Impersonation in the Passkey Entry Protocol

The Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC), and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack that enables an active attacker to impersonate the initiating device without any previous knowledge (CVE-2020-26558). An attacker acting as a man-in-the-middle (MITM) in the Passkey authentication procedure could use a crafted series of responses to determine each bit of the randomly generated Passkey selected by the pairing initiator in each round of the pairing procedure, and once identified, the attacker can use these Passkey bits during the same pairing session to successfully complete the authenticated pairing procedure with the responder. Devices supporting BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2, BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2 and LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2 are affected by this vulnerability.

Impersonation in the Pin Pairing Protocol

The Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555). An attacker could connect to a victim device by spoofing the Bluetooth Device Address (BD_ADDR) of the device, reflect the the encrypted nonce, and complete BR/EDR pin-code pairing with them without knowledge of the pin code. A successful attack requires the attacking device to be within wireless range of a vulnerable device supporting BR/EDR Legacy Pairing that is Connectable and Bondable. Devices supporting the Bluetooth Core Specification versions 1.0B through 5.2 are affected by this vulnerability.

Devices supporting Bluetooth Mesh Profile Specification, versions 1.0 and 1.0.1, are affected by the following vulnerabilities:

Impersonation in Bluetooth Mesh Provisioning

The Mesh Provisioning procedure could allow an attacker without knowledge of the AuthValue, spoofing a device being provisioned, to use crafted responses to appear to possess the AuthValue and to be issued a valid NetKey and potentially an AppKey (CVE-2020-26560). For this attack to be successful, an attacking device needs to be within wireless range of a Mesh Provisioner and either spoof the identity of a device being provisioned over the air or be directly provisioned onto a subnet controlled by the provisioner.

Predictable AuthValue in Bluetooth Mesh Provisioning Leads to MITM

The Mesh Provisioning procedure could allow an attacker observing or taking part in the provisioning to brute force the AuthValue if it has a fixed value, or is selected predictably or with low entropy (CVE-2020-26557). Identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search, for a randomly selected AuthValue, must complete before the provisioning procedure times out, which can require significant resources. If the AuthValue is not selected randomly with each new provisioning attempt, then the brute-force search can occur offline and if successful, would permit an attacker to identify the AuthValue and authenticate to both the Provisioner and provisioned devices, permitting a MITM attack on a future provisioning attempts with the same AuthValue.

Malleable Commitment

The authentication protocol is vulnerable if the AuthValue can be identified during the provisioning procedure, even if the AuthValue is selected randomly (CVE-2020-26556). If an attacker can identify the AuthValue used before the provisioning procedure times out, it is possible to complete the provisioning operation and obtain a NetKey. Similar to CVE-2020-26557, identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search for a randomly selected AuthValue, which can require significant resources, must complete before the provisioning procedure times out.

AuthValue Leak

The Mesh Provisioning procedure could allow an attacker that was provisioned without access to the AuthValue to identify the AuthValue directly without brute-forcing its value (CVE-2020-26559). Even when a randomly generated AuthValue with a full 128-bits of entropy is used, an attacker acquiring the Provisioner’s public key, provisioning confirmation value, and provisioning random value, and providing its public key for use in the provisioning procedure, will be able to compute the AuthValue directly.

Impact

Impersonation in the Passkey Entry Protocol

This vulnerability could allow an attacker to authenticate to the response victim device and act as a legitimate encrypted device. The attacker cannot pair with the initiating device using this method of attack, which prevents a fully transparent man-in-the-middle attack between the initiator and responder. For this attack to be successful, an attacking device needs to be within wireless range of two vulnerable Bluetooth devices that are initiating pairing or bonding for which a BR/EDR IO Capabilities exchange or LE IO Capability in the pairing request and response results in the selection of the Passkey pairing procedure.

Impersonation in the Pin Pairing Protocol

This vulnerability could allow an attacker to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing.

Impersonation in Bluetooth Mesh Provisioning

This vulnerability could allow an attacker to successfully authenticate without the AuthValue. Once authenticated, the attacker could perform any operation permitted to a node provisioned on the subnet until it is either denied access or a new subnet is formed without the attacking node present.

Predictable AuthValue in Bluetooth Mesh Provisioning Leads to MITM

This vulnerability could allow an attacker to successfully brute force the AuthValue and authenticate to both the Provisioner and provisioned devices, permitting a MITM attack on a future provisioning attempt with the same AuthValue.

Malleable Commitment

This vulnerability could allow an attacker to obtain a NetKey, which could be used to decrypt and authenticate up to the network layer, allowing the relay of messages, but no application data decryption.

AuthValue Leak

This vulnerability could allow an attacker to compute the AuthValue and authenticate to the Provisioner and provisioned devices.

Solution

Bluetooth users should ensure that they have installed the latest recommended updates from device and operating system manufacturers.

In addition to the two vulnerabilities affecting the Bluetooth Core Specification, the researchers also identified a potential security vulnerability related to LE Legacy Pairing authentication in Bluetooth Core Specification versions 4.0 through 5.2. The researchers claim that an attacker can reflect the confirmation and random numbers of a peer device in LE legacy pairing to successfully complete legacy authentication phase 2 without knowledge of the temporary key (TK). Because the attacker does not acquire a TK, or valid short-term key (STK) during this attack, completing authentication phase 2 is not sufficient for an encrypted link to be established. While the Bluetooth SIG does not consider this to be a method which can provide unauthorized access to a device, they still recommend that LE implementations requiring pairing and encryption use LE Secure Connections. The Bluetooth SIG also recommends that, where possible, implementations enable and enforce Secure Connections Only Mode, ensuring that LE legacy pairing cannot be used.

The Bluetooth SIG additionally makes the following recommendations for each vulnerability:

Impersonation in the Passkey Entry Protocol

For the attack to succeed the pairing device needs to accept the same public key that it provided to the remote peer as the remote peer’s public key. The Bluetooth SIG recommends that potentially vulnerable implementations restrict the public keys accepted from a remote peer device to disallow a remote peer to present the same public key chosen by the local device, and the pairing procedure should be terminated with a failure status if this occurs.

Impersonation in the Pin Pairing Protocol

The Bluetooth SIG recommends that potentially vulnerable devices not initiate or accept connections from remote devices claiming the same BD_ADDR as the local device. They also continue to recommend that devices use Secure Simple Pairing or BR/EDR Secure Connections to avoid known vulnerabilities with legacy BR/EDR pairing.

Impersonation in Bluetooth Mesh Provisioning

The Bluetooth SIG recommends that potentially vulnerable mesh provisioners restrict the authentication procedure and not accept provisioning both random and confirmation numbers from a remote peer that are the same as those selected by the local device.

Predictable AuthValue in Bluetooth Mesh Provisioning Leads to MITM

The Bluetooth SIG recommends that mesh implementations enforce a randomly selected AuthValue using all of the available bits, where permitted by the implementation. A large entropy helps ensure that a brute-force of the AuthValue, even a static AuthValue, cannot normally be completed in a reasonable time.

Malleable Commitment

The statement from the Bluetooth SIG notes: “AuthValues selected using a cryptographically secure random or pseudorandom number generator and having the maximum permitted entropy (128-bits) will be most difficult to brute-force. AuthValues with reduced entropy or generated in a predictable manner will not grant the same level of protection against this vulnerability. Selecting a new AuthValue with each provisioning attempt can also make it more difficult to launch a brute-force attack by requiring the attacker to restart the search with each provisioning attempt.”

AuthValue Leak

The Bluetooth SIG recommends that potentially vulnerable mesh provisioners use an out-of-band mechanism to exchange the public keys.

Acknowledgements

Thanks to researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) for reporting these vulnerabilities.

This document was written by Madison Oliver.

Vendor Information

799380

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Android Open Source Project __ Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 22, 2021

CVE-2020-26555	Affected
Vendor Statement:
Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin.
CVE- 2020-26556	Not Affected Vendor Statement:
Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26557	Not Affected Vendor Statement:
Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26558	Affected Vendor Statement:
Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin.
CVE-2020-26559	Not Affected Vendor Statement:
Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26560	Not Affected Vendor Statement:
Android does not support Bluetooth Mesh so is not vulnerable.
VU#799380.5	Affected Vendor Statement:
Our assessment of this report is that it is of negligible security impact on Android.

Cisco __ Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: April 26, 2021

CVE-2020-26555	Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Cisco is tracking these vulnerabilities via incident PSIRT-0503777710.

Cisco has investigated the impact of the aforementioned Bluetooth Specification vulnerabilities and is currently waiting for all the individual product development teams to provide Software fixes to address them.

Cradlepoint __ Affected

Notified: 2020-12-03 Updated: 2021-05-26

Statement Date: May 25, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557
Fixed in NCOS 7.21.40
CVE-2020-26559	Not Affected CVE-2020-26560
Fixed in NCOS 7.21.20

Vendor Statement

Cradlepoint’s MC20BT, Bluetooth Low Energy 5.1 Module, was released January 2021 and is compatible with E3000 and E300 Enterprise Branch routers.

The MC20BT is vulnerable to CVE-2020-26558 (patched in NCOS version 7.21.40) and VU#799380.5 (patched in NCOS version 7.21.20)

If you are using the MC20BT with an Enterprise series router, Cradlepoint recommends upgrade to 7.21.40 or higher. For more information regarding upgrading your Cradlepoint device, visit our knowledgebase.

https://customer.cradlepoint.com/s/article/Best-Practice-Stairstepping-NCOS-Upgrades

Dell Affected

Notified: 2020-12-03 Updated: 2021-12-09

Statement Date: December 09, 2021

CVE-2020-26555	Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Fujitsu __ Affected

Notified: 2021-06-14 Updated: 2021-08-05

Statement Date: August 05, 2021

CVE-2020-26555	Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Fujitsu is aware of the security vulnerabilities in Bluetooth devices under VU#799380.

Fujitsu products are not affected by INTEL-SA-00517, but are affected by INTEL-SA-00520, i.e. CVE-2020-26555 and CVE-2020-26558.

Fujitsu has already provided Software updates for Intel® Wi-Fi 6 AX201, Intel® Wireless-AC 9560, Intel® Dual Band Wireless-AC 8265 and Intel® Dual Band Wireless-AC 8260 components employed in Fujitsu mobile products and Fujitsu INTELLIEDGE.

The Fujitsu PSIRT has updated the state for Fujitsu PSS-IS-2021-060800 on https://security.ts.fujitsu.com (Security Notices) accordingly.

In case of questions regarding this Fujitsu PSIRT Security Notice, please contact the Fujitsu PSIRT ([email protected]).

Intel Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: March 18, 2021

CVE-2020-26555	Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Microchip Technology __ Affected

Notified: 2020-12-03 Updated: 2021-05-26

Statement Date: May 24, 2021

CVE-2020-26555	Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Microchip is aware of multiple Bluetooth Core specification vulnerabilities. We have determined that some CVEs affect some of our Bluetooth products. For details on impacted products and resolution plans, visit below URL

References

• <https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/anssi-bluetooth-core-vulnerabilities.html&gt;

Red Hat Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: May 24, 2021

CVE-2020-26555	Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Sierra Wireless __ Affected

Notified: 2020-12-03 Updated: 2021-05-26

Statement Date: May 25, 2021

CVE-2020-26555	Affected
CVE- 2020-26556	Affected CVE-2020-26557

Vendor Statement

Sierra Wireless products are affected by some of these vulnerabilities. Please check the security bulletin linked in the reference section for details on your product. Sierra Wireless would like to thank the researchers at the Agence Nationale de la Sécurité des Systèmes d’information (ANSSI) for reporting these vulnerabilities, as well as the efforts of CERT/CC for coordinating the response.

References

• <https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-004/&gt;

A10 Networks __ Not Affected

Notified: 2020-12-03 Updated: 2021-06-23

Statement Date: June 23, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Bluetooth is not a supported feature or capability in any A10 Networks, Inc products.

Actiontec __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: January 21, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We are not currently using Bluetooth on any of our products.

ADTRAN __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 16, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

No ADTRAN products have Bluetooth enabled at this time.

Arista Networks __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 16, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Arista products do not use bluetooth and are therefore not affected.

AVM GmbH __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 12, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

AVM doesn’t produce Bluetooth products. We did 18 years ago, but these devices reached their end of life status very long time ago.

Barracuda Networks Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: January 19, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Belden __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 17, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Belden devices do not support Bluetooth and are not affected by these vulnerabilities.

Brocade Communication Systems __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: March 19, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

No Brocade Fibre Channel Products from Broadcom products are affected by this vulnerability.

Ceragon Networks Inc __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: April 11, 2021

CVE-2020-26555	Not Affected
Vendor Statement:
we dont have bluetooth stack in our products
CVE- 2020-26556	Unknown CVE-2020-26557
we dont have bluetooth stack in our products
CVE-2020-26559	Unknown CVE-2020-26560
we dont have bluetooth stack in our products

Vendor Statement

we dont have bluetooth stack in our products

Check Point __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: March 21, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Check Point doesn’t use Bluetooth in its appliances.

dd-wrt Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: December 07, 2020

CVE-2020-26555	Not Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

D-Link Systems Inc. Not Affected

Notified: 2020-12-03 Updated: 2021-09-01

Statement Date: September 01, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

eCosCentric Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 16, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

F5 Networks __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: December 04, 2020

CVE-2020-26555	Not Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We do not build or install any component of the Bluetooth drivers in the BIG-IP, so those vulnerabilities do not affect F5 BIG-IP products.

Fastly Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: December 14, 2020

CVE-2020-26555	Not Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Green Hills Software Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: March 25, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

HCC Embedded __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 16, 2021

CVE-2020-26555	Not Affected
Vendor Statement:
HCC does not use Bluetooth stack so not affected.
CVE- 2020-26556	Not Affected CVE-2020-26557
HCC does not use Bluetooth stack so not affected.
CVE-2020-26559	Not Affected CVE-2020-26560
HCC does not use Bluetooth stack so not affected.

Vendor Statement

HCC does not use Bluetooth stack so not affected.

Illumos __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: March 18, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

illumos, nor its distributions, have a native bluetooth stack. If a distribution has a bluetooth stack, it originated from another open-source package.

Infoblox Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: April 09, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Joyent __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: March 18, 2021

CVE-2020-26555	Not Affected
Vendor Statement:
Upstream illumos does not have a Bluetooth stack, neither does SmartOS.
CVE- 2020-26556	Not Affected Vendor Statement:
Upstream illumos does not have a Bluetooth stack, neither does SmartOS.
CVE-2020-26557	Not Affected Vendor Statement:
Upstream illumos does not have a Bluetooth stack, neither does SmartOS.
CVE-2020-26558	Not Affected Vendor Statement:
Upstream illumos does not have a Bluetooth stack, neither does SmartOS.
CVE-2020-26559	Not Affected Vendor Statement:
Upstream illumos does not have a Bluetooth stack, neither does SmartOS.
CVE-2020-26560	Not Affected Vendor Statement:
Upstream illumos does not have a Bluetooth stack, neither does SmartOS.
VU#799380.5	Not Affected Vendor Statement:
Upstream illumos does not have a Bluetooth stack, neither does SmartOS.

Vendor Statement

SmartOS is a distrubtion of illumos, and does not include a native or distribution-specific bluetooth stack.

LANCOM Systems GmbH __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: May 20, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

See https://www.lancom-systems.com/service-support/instant-help/general-security-information/ for details.

lwIP __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: February 17, 2021

CVE-2020-26555	Not Affected
Vendor Statement:
lwIP does not have a bluetooth stack, so we’re not affected.
CVE- 2020-26556	Not Affected CVE-2020-26557
lwIP does not have a bluetooth stack, so we’re not affected.
CVE-2020-26559	Not Affected CVE-2020-26560
lwIP does not have a bluetooth stack, so we’re not affected.

Vendor Statement

lwIP does not have a bluetooth stack, so we’re not affected.

McAfee Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: May 17, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

MikroTik __ Not Affected

Notified: 2020-12-03 Updated: 2023-07-13

Statement Date: July 13, 2023

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

MikroTik Bluetooth implementation does not work in a peer-to-peer scenario, where pairing is involved. MikroTik devices work in Bluetooth Advertiser and Scanner topologies, where Bluetooth devices advertise/broadcast data over Bluetooth advertising channels, and MikroTik routers just scan the air to capture the Bluetooth payloads. Once again, there is no pairing involved. Pairing scenarios are scenarios where, for example, your phone connects to your headset, making a peer-to-peer connection between the two devices. In MikroTik’s case, we do not support pairing, so it does not affect us. MESH vulnerabilities also do not affect us, as MikroTik does not support this feature.

Miredo __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: January 19, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

Not concerned with Bluetooth.

Sophos Not Affected

Notified: 2020-12-03 Updated: 2021-06-24

Statement Date: June 24, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Treck __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: April 25, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557
Not affected.

Vendor Statement

Not affected.

Ubiquiti Not Affected

Notified: 2020-12-03 Updated: 2021-06-03

Statement Date: June 03, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

VMware Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: December 14, 2020

CVE-2020-26555	Not Affected
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Zyxel __ Not Affected

Notified: 2020-12-03 Updated: 2021-05-24

Statement Date: April 20, 2021

CVE-2020-26555	Not Affected
CVE- 2020-26556	Not Affected CVE-2020-26557

Vendor Statement

Zyxel products are NOT affected because they don’t support the authentication pairing functions, the mesh profile, or do not support Bluetooth at all.

u-blox Unknown

Notified: 2020-12-11 Updated: 2021-05-24

Statement Date: May 21, 2021

CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ACCESS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Actelis Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ADATA Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Aerohive Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

AhnLab Inc Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

AirWatch Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Akamai Technologies Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Alcatel-Lucent Enterprise Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Allied Telesis Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Alpine Linux Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Altran Intelligent Systems Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Amazon Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ANTlabs Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Apple Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Arch Linux Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ARRIS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Aruba Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Aspera Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ASUSTeK Computer Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Atheros Communications Inc Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

AT&T Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Avaya Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Belkin Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Bell Canada Enterprises Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

BlackBerry Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Blackberry QNX Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

BlueCat Networks Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Blue Coat Systems Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Bluetooth SIG Unknown

Notified: 2020-10-27 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Blunk Microsystems Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

BoringSSL Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Broadcom Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Buffalo Technology Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Cambium Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

CA Technologies Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Cirpack Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

CMX Systems Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Comcast Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Commscope Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Contiki OS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Cricket Wireless Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Cypress Semiconductor Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

CZ.NIC Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Debian GNU/Linux Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Dell EMC Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Dell SecureWorks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

DesktopBSD Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Deutsche Telekom Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Devicescape Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Digi International Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

dnsmasq Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

DragonFly BSD Project Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

eero Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

EfficientIP Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ENEA Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Ericsson Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Espressif Systems Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

European Registry for Internet Domains Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Express Logic Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Extreme Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Fedora Project Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

FNet Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Force10 Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Fortinet Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Foundry Brocade Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

FreeBSD Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

FreeRTOS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

F-Secure Corporation Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Geexbox Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Gentoo Linux Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

GFI Software Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

GNU adns Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

GNU glibc Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Google Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Grandstream Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

HardenedBSD Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Hewlett Packard Enterprise Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Hitachi Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Honeywell Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

HP Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

HTC Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Huawei Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

IBM Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

IBM Corporation (zseries) Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

IBM Numa-Q Division (Formerly Sequent) Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ICASI Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

InfoExpress Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Inmarsat Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Internet Systems Consortium Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Internet Systems Consortium - DHCP Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

INTEROP Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

IP Infusion Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

JH Software Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

JPCERT/CC Vulnerability Handling Team Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Juniper Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Lancope Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Lantronix Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Lenovo Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

LG Electronics Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

LibreSSL Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Linksys Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

LITE-ON Technology Corporation Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

LiteSpeed Technologies Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Lynx Software Technologies Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

m0n0wall Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Marconi Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Marvell Semiconductor Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

MediaTek Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Medtronic Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Men & Mice Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Metaswitch Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Micro Focus Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Microsoft Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Mitel Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Motorola Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Muonics Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

National Cyber Security Center Netherlands Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

National Cyber Security Centre Finland Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NCSC-FI Vulnerability Coordinator Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NEC Corporation Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NetBSD Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NetBurner Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NetComm Wireless Limited Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NETGEAR Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NETSCOUT Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

netsnmp Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

netsnmpj Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Nexenta Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NIKSUN Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Nixu Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

NLnet Labs Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Nokia Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Nominum Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

OleumTech Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

OpenBSD Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

OpenConnect Ltd Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

OpenDNS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

OpenIndiana Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

OpenSSL Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Openwall GNU/*/Linux Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

OpenWRT Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Oracle Corporation Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Oryx Embedded Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Paessler Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Palo Alto Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Peplink Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

pfSense Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Philips Electronics Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Phoenix Contact Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

PHPIDS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

PowerDNS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Proxim Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Pulse Secure Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

QLogic Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

QNAP Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Quadros Systems Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Quagga Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Qualcomm Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Quantenna Communications Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Riverbed Technologies Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Roku Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Ruckus Wireless Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Ruijie Networks Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

SafeNet Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Samsung Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Samsung Mobile Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Samsung Semiconductor Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Secure64 Software Corporation Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

SEIKO EPSON Corp. / Epson America Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Silicon Labs Unknown

Notified: 2021-02-17 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Slackware Linux Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

SMC Networks Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

SmoothWall Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Snort Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

SonicWall Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Sonos Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Sony Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Sourcefire Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

SUSE Linux Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Symantec Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Synology Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

systemd Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

TCPWave Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

TDS Telecom Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Technicolor Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Tenable Network Security Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

The OpenBSD project Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

TippingPoint Technologies Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Tizen Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Toshiba Commerce Solutions Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

TP-LINK Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

TrueOS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Turbolinux Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Ubuntu Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Unisys Corporation Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Univention Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Untangle Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Vertical Networks Inc. Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

VMware Carbon Black Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Vultures List Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Wind River Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

WizNET Technology Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

wolfSSL Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Xiaomi Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

XigmaNAS Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Xilinx Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Zebra Technologies Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

Zephyr Project Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

ZTE Corporation Unknown

Notified: 2020-12-03 Updated: 2021-05-24 CVE-2020-26555	Unknown
CVE- 2020-26556	Unknown CVE-2020-26557

Vendor Statement

We have not received a statement from the vendor.

View all 249 vendors __View less vendors __

References

• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/&gt;
• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/legacy-pairing/&gt;
• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/&gt;
• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/&gt;
• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/&gt;
• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/&gt;
• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/&gt;
• <https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/&gt;
• <https://www.bluetooth.com/specifications/specs/core-specification/&gt;
• <https://www.bluetooth.com/specifications/specs/mesh-profile-1-0-1/&gt;
• <https://www.ieee-security.org/TC/SP2021/SPW2021/WOOT21/&gt;
• <https://www.novelbits.io/bluetooth-mesh-tutorial-part-3/&gt;

Other Information

CVE IDs:	CVE-2020-26555 [CVE- 2020-26556 ](<http://web.nvd.nist.gov/vuln/detail/CVE- 2020-26556>) CVE-2020-26557 CVE-2020-26558 CVE-2020-26559 CVE-2020-26560
API URL:	VINCE JSON
Date Public:	2021-05-24 Date First Published: