CVE-2020-26145

6.5MEDIUM

Key Information:

Vendor
Samsung
Status
Galaxy I9305 Firmware
Vendor
CVE Published:
11 May 2021

Summary

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

References

https://www.fragattacks.com
x_refsource_MISC
https://github.com/vanhoefm/fragattacks/blob/master/SUMMA...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/05/11/12
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.