Fragmentation Vulnerability in Samsung Galaxy S3 i9305 Devices
CVE-2020-26146

5.3MEDIUM

Key Information:

Vendor
Samsung
Status
Galaxy I9305 Firmware
Vendor
CVE Published:
11 May 2021

Summary

A vulnerability has been identified in Samsung Galaxy S3 i9305 4.4.4 devices, specifically regarding the implementations of WPA, WPA2, and WPA3 protocols. This issue allows for the reassembly of fragmented packets with non-consecutive packet numbers, which can be exploited by an attacker. By sending fragmented frames, an adversary is able to exfiltrate selected fragments, putting the confidentiality of transmitted data at risk. Notably, the WEP protocol is inherently vulnerable to this attack due to its design flaws, raising significant security concerns for devices utilizing these wireless security protocols.

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
https://www.fragattacks.com
x_refsource_MISC
https://github.com/vanhoefm/fragattacks/blob/master/SUMMA...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.