WPA3 Vulnerability Affecting Samsung Galaxy S3 i9305 Devices
CVE-2020-26145

6.5MEDIUM

Key Information:

Vendor

Samsung
Status
Galaxy I9305 Firmware
Vendor
CVE Published:
11 May 2021

What is CVE-2020-26145?

A vulnerability exists in the Wi-Fi implementations on Samsung Galaxy S3 i9305 devices running version 4.4.4. The flaw affects WEP, WPA, WPA2, and WPA3 protocols, allowing untrusted users to send plaintext broadcast fragments. This can lead to the injection of arbitrary network packets, bypassing normal security configurations and potentially compromising the integrity of transmitted data.

References

https://www.fragattacks.com
x_refsource_MISC
https://github.com/vanhoefm/fragattacks/blob/master/SUMMA...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/05/11/12
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.