An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
Se detectó un problema en el controlador ALFA Windows 10 versión 1030.36.604 para AWUS036ACH. Las implementaciones WEP, WPA, WPA2 y WPA3 aceptan tramas de texto plano fragmentados en una red Wi-Fi protegida. Un adversario puede abusar de esto para inyectar tramas de datos arbitrarias independientes de la configuración de la red
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
| Attack Vector | ADJACENT_NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Availability Impact | NONE |
AV:A/AC:L/Au:N/C:N/I:P/A:N
| Access Vector | ADJACENT_NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-20
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| alfa | awus036h_firmware | 1030.36.604 | <built-in method update of dict object at 0x72a9b0db7980> | Operating System |
| arista | c-75_firmware | - | <built-in method update of dict object at 0x72a9b0c989c0> | Operating System |
| arista | o-90_firmware | - | <built-in method update of dict object at 0x72a9cd079c40> | Operating System |
| arista | c-65_firmware | - | <built-in method update of dict object at 0x72a9cd0c1940> | Operating System |
| arista | w-68_firmware | - | <built-in method update of dict object at 0x72a9cd0c1380> | Operating System |
| siemens | scalance_w700_ieee_802.11n_firmware | * | <built-in method update of dict object at 0x72a9cd0c2cc0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:alfa:awus036h:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:* |