6.5
CVE-2020-26144
- EPSS 1.27%
- Published 11.05.2021 20:15:08
- Last modified 21.11.2024 05:19:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
Data is provided by the National Vulnerability Database (NVD)
Samsung ≫ Galaxy I9305 Firmware Version4.4.4
Arista ≫ C-250 Firmware Version < 10.0.1-31
Arista ≫ C-260 Firmware Version < 10.0.1-31
Arista ≫ C-230 Firmware Version < 10.0.1-31
Arista ≫ C-235 Firmware Version < 10.0.1-31
Arista ≫ C-200 Firmware Version < 11.0.0-36
Arista ≫ C-120 Firmware Version < 11.0.0-36
Arista ≫ C-130 Firmware Version < 11.0.0-36
Arista ≫ C-100 Firmware Version < 11.0.0-36
Arista ≫ C-110 Firmware Version < 11.0.0-36
Arista ≫ O-105 Firmware Version < 11.0.0-36
Arista ≫ W-118 Firmware Version < 11.0.0-36
Arista ≫ C-75 Firmware Version-
Arista ≫ O-90 Firmware Version-
Arista ≫ C-65 Firmware Version-
Arista ≫ W-68 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.27% | 0.788 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 3.3 | 6.5 | 2.9 |
AV:A/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.