Network Packet Injection Vulnerability in Samsung Galaxy S3
CVE-2020-26144
6.5 MEDIUM
Summary
A vulnerability has been identified in Samsung Galaxy S3 i9305 4.4.4 devices, where the implementations of the wireless security protocols (WEP, WPA, WPA2, and WPA3) improperly handle plaintext A-MSDU frames. Specifically, as long as the initial 8 bytes of the frame match a valid RFC1042 LLC/SNAP header for EAPOL, an attacker can exploit this weakness to inject arbitrary network packets without needing the requisite network configuration. This can lead to various security issues, including unauthorized access to sensitive data and manipulation of network traffic. Users are encouraged to apply all relevant security updates to mitigate this risk.
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved