Design/Logic Flaw

2021-05-1120:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.1%

JSON

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

CPENameOperatorVersion
c-100_firmwareeq< 11.0.0-36
c-110_firmwareeq< 11.0.0-36
c-120_firmwareeq< 11.0.0-36
c-130_firmwareeq< 11.0.0-36
c-200_firmwareeq< 11.0.0-36
c-230_firmwareeq< 10.0.1-31
c-235_firmwareeq< 10.0.1-31
c-250_firmwareeq< 10.0.1-31
c-260_firmwareeq< 10.0.1-31
o-105_firmwareeq< 11.0.0-36

Name	Operator	Version
c-100_firmware	eq	< 11.0.0-36
c-110_firmware	eq	< 11.0.0-36
c-120_firmware	eq	< 11.0.0-36
c-130_firmware	eq	< 11.0.0-36
c-200_firmware	eq	< 11.0.0-36
c-230_firmware	eq	< 10.0.1-31
c-235_firmware	eq	< 10.0.1-31
c-250_firmware	eq	< 10.0.1-31
c-260_firmware	eq	< 10.0.1-31
o-105_firmware	eq	< 11.0.0-36