CVE-2020-26146

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

CVSS v3 5.3 MEDIUM
CVSS v2.0 2.9 LOW

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/05/11/12	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf	Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63	Third Party Advisory
https://www.fragattacks.com	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

History

06 Dec 2021, 13:45

Type	Values Removed	Values Added
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory
References	~~(MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 -~~	(MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory
CPE		cpe:2.3:o:arista:c-235_firmware:::::::: cpe:2.3:o:arista:c-200_firmware:::::::: cpe:2.3:h:arista:o-90:-:::::::* cpe:2.3:o:arista:c-100_firmware:::::::: cpe:2.3:o:arista:c-130_firmware:::::::: cpe:2.3:o:arista:o-105_firmware:::::::: cpe:2.3:h:arista:c-250:-:::::::* cpe:2.3:h:arista:w-68:-:::::::* cpe:2.3:o:arista:c-260_firmware:::::::: cpe:2.3:h:arista:c-230:-:::::::* cpe:2.3:h:arista:c-65:-:::::::* cpe:2.3:o:arista:c-230_firmware:::::::: cpe:2.3:o:arista:c-75_firmware:-:::::::* cpe:2.3:h:arista:c-200:-:::::::* cpe:2.3:o:arista:c-120_firmware:::::::: cpe:2.3:o:arista:o-90_firmware:-:::::::* cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:::::::* cpe:2.3:o:arista:w-118_firmware:::::::: cpe:2.3:h:arista:c-235:-:::::::* cpe:2.3:h:siemens:scalance_w1750d:-:::::::* cpe:2.3:o:siemens:scalance_w1750d_firmware:::::::: cpe:2.3:o:arista:c-65_firmware:-:::::::* cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:::::::: cpe:2.3:h:arista:c-100:-:::::::* cpe:2.3:h:arista:c-260:-:::::::* cpe:2.3:o:arista:w-68_firmware:-:::::::* cpe:2.3:h:arista:o-105:-:::::::* cpe:2.3:h:arista:c-120:-:::::::* cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:::::::: cpe:2.3:o:arista:c-110_firmware:::::::: cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:::::::* cpe:2.3:h:arista:c-110:-:::::::* cpe:2.3:o:arista:c-250_firmware:::::::: cpe:2.3:h:arista:w-118:-:::::::* cpe:2.3:h:arista:c-75:-:::::::* cpe:2.3:h:arista:c-130:-:::::::*

28 Oct 2021, 15:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 -

21 May 2021, 19:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.9 v3 : 5.3
CPE		cpe:2.3:h:samsung:galaxy_i9305:-:::::::* cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:::::::*
CWE		CWE-20
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory
References	~~(MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md -~~	(MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory
References	~~(MISC) https://www.fragattacks.com -~~	(MISC) https://www.fragattacks.com - Third Party Advisory

11 May 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-05-11 20:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-26146

Mitre link : CVE-2020-26146

CVE.ORG link : CVE-2020-26146

JSON object : View

Products Affected

siemens

scalance_w1750d_firmware
scalance_w700_ieee_802.11n_firmware
scalance_w1750d
scalance_w1700_ieee_802.11ac_firmware
scalance_w700_ieee_802.11n
scalance_w1700_ieee_802.11ac

arista

w-68
c-260_firmware
c-120_firmware
w-118_firmware
w-118
w-68_firmware
c-75_firmware
o-90
c-235
c-230
c-250
c-230_firmware
c-130
o-105
c-110
c-75
c-250_firmware
o-90_firmware
c-200_firmware
c-130_firmware
o-105_firmware
c-200
c-65
c-120
c-260
c-235_firmware
c-65_firmware
c-110_firmware
c-100
c-100_firmware

samsung

galaxy_i9305
galaxy_i9305_firmware

CWE

CWE-20

Improper Input Validation

5.3 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.9 /10

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-26146

5.3^/10

2.9^/10

Attach tags to `CVE-2020-26146`