Lucene search

K
cveMitreCVE-2020-26146
HistoryMay 11, 2021 - 8:15 p.m.

CVE-2020-26146

2021-05-1120:15:08
CWE-20
mitre
web.nvd.nist.gov
220
9
samsung galaxy s3
i9305
4.4.4
wpa
wpa2
wpa3
fragment reassembly
vulnerability
nvd

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

46.5%

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

Affected configurations

Nvd
Node
samsunggalaxy_i9305_firmwareMatch4.4.4
AND
samsunggalaxy_i9305Match-
Node
aristac-250_firmwareRange<10.0.1-31
AND
aristac-250Match-
Node
aristac-260_firmwareRange<10.0.1-31
AND
aristac-260Match-
Node
aristac-230_firmwareRange<10.0.1-31
AND
aristac-230Match-
Node
aristac-235_firmwareRange<10.0.1-31
AND
aristac-235Match-
Node
aristac-200_firmwareRange<11.0.0-36
AND
aristac-200Match-
Node
aristac-120_firmwareRange<11.0.0-36
AND
aristac-120Match-
Node
aristac-130_firmwareRange<11.0.0-36
AND
aristac-130Match-
Node
aristac-100_firmwareRange<11.0.0-36
AND
aristac-100Match-
Node
aristac-110_firmwareRange<11.0.0-36
AND
aristac-110Match-
Node
aristao-105_firmwareRange<11.0.0-36
AND
aristao-105Match-
Node
aristaw-118_firmwareRange<11.0.0-36
AND
aristaw-118Match-
Node
aristac-75_firmwareMatch-
AND
aristac-75Match-
Node
aristao-90_firmwareMatch-
AND
aristao-90Match-
Node
aristac-65_firmwareMatch-
AND
aristac-65Match-
Node
aristaw-68_firmwareMatch-
AND
aristaw-68Match-
Node
siemensscalance_w700_ieee_802.11n_firmware
AND
siemensscalance_w700_ieee_802.11nMatch-
Node
siemensscalance_w1700_ieee_802.11ac_firmware
AND
siemensscalance_w1700_ieee_802.11acMatch-
Node
siemensscalance_w1750d_firmwareRange<8.7.1.3
AND
siemensscalance_w1750dMatch-
VendorProductVersionCPE
samsunggalaxy_i9305_firmware4.4.4cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*
samsunggalaxy_i9305-cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*
aristac-250_firmware*cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*
aristac-250-cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*
aristac-260_firmware*cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*
aristac-260-cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*
aristac-230_firmware*cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*
aristac-230-cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*
aristac-235_firmware*cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*
aristac-235-cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 381

Social References

More

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

46.5%