IM
IronMonkey Threat Research

CVE-2020-26146 MEDIUM

Published: 2021-05-11 | Last Modified: 2026-06-02 | Status: Modified

Description

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

Additional Descriptions (1)

Se detectó un problema en los dispositivos Samsung Galaxy S3 i9305 versión 4.4.4. Las implementaciones de WPA, WPA2 y WPA3 reensamblan fragmentos con números de paquete no consecutivos. Un adversario puede abusar de esto para exfiltrar fragmentos seleccionados. Esta vulnerabilidad es explotable cuando otro dispositivo envía tramas fragmentadas y el protocolo de confidencialidad de datos WEP, CCMP o GCMP es usado. Tenga en cuenta que WEP es vulnerable a este ataque por diseño

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack VectorADJACENT_NETWORK
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactHIGH
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 1.6

Impact Score: 3.6

Base Score: 2.9 (LOW)

AV:A/AC:M/Au:N/C:N/I:P/A:N

Access VectorADJACENT_NETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 5.5

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-20
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-20

Affected Products

Vendor Product Version Update Type
samsung galaxy_i9305_firmware 4.4.4 <built-in method update of dict object at 0x72a9b0b4adc0> Operating System
arista c-250_firmware * <built-in method update of dict object at 0x72a9b0a6e5c0> Operating System
arista c-260_firmware * <built-in method update of dict object at 0x72a9b0a6ecc0> Operating System
arista c-230_firmware * <built-in method update of dict object at 0x72a9b0b4be40> Operating System
arista c-235_firmware * <built-in method update of dict object at 0x72a9b0a6de80> Operating System
arista c-200_firmware * <built-in method update of dict object at 0x72a9b0a6ca40> Operating System
arista c-120_firmware * <built-in method update of dict object at 0x72a9b0a6d640> Operating System
arista c-130_firmware * <built-in method update of dict object at 0x72a9b0e0ea80> Operating System
arista c-100_firmware * <built-in method update of dict object at 0x72a9b0a6fc40> Operating System
arista c-110_firmware * <built-in method update of dict object at 0x72ab550b44c0> Operating System
arista o-105_firmware * <built-in method update of dict object at 0x72a9b0b12b40> Operating System
arista w-118_firmware * <built-in method update of dict object at 0x72a9b0a6efc0> Operating System
arista c-75_firmware - <built-in method update of dict object at 0x72a9b0a6ec00> Operating System
arista o-90_firmware - <built-in method update of dict object at 0x72a9b0e0f700> Operating System
arista c-65_firmware - <built-in method update of dict object at 0x72a9b0b48e80> Operating System
arista w-68_firmware - <built-in method update of dict object at 0x72a9b0a6d6c0> Operating System
siemens scalance_w700_ieee_802.11n_firmware * <built-in method update of dict object at 0x72a9b0cd7f80> Operating System
siemens scalance_w1700_ieee_802.11ac_firmware * <built-in method update of dict object at 0x72a9b0a6d740> Operating System
siemens scalance_w1750d_firmware * <built-in method update of dict object at 0x72a9b0a6dd40> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

References

Notification
Message here