Medium severity6.5NVD Advisory· Published May 11, 2021· Updated Apr 14, 2026
CVE-2020-26144
CVE-2020-26144
Description
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
Affected products
18- cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.openwall.com/lists/oss-security/2021/05/11/12nvdMailing ListThird Party Advisory
- cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfnvdThird Party Advisory
- github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdnvdThird Party Advisory
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWunvdThird Party Advisory
- www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63nvdThird Party Advisory
- www.fragattacks.comnvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-019200.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-913875.htmlnvd
News mentions
1- Siemens SCALANCECISA Alerts