6.5
CVE-2020-26145
- EPSS 4.06%
- Published 11.05.2021 20:15:08
- Last modified 21.11.2024 05:19:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
Data is provided by the National Vulnerability Database (NVD)
Samsung ≫ Galaxy I9305 Firmware Version4.4.4
Siemens ≫ 6gk5763-1al00-7da0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1ge00-7da0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1ge00-7db0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1je00-7da0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1ge00-7ta0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1ge00-7tb0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1je00-7ta0 Firmware Version < 1.2
Siemens ≫ 6gk5763-1al00-3aa0 Firmware Version < 1.2
Siemens ≫ 6gk5763-1al00-3da0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1ge00-3da0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1ge00-3db0 Firmware Version < 1.2
Siemens ≫ 6gk5766-1je00-3da0 Firmware Version < 1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.06% | 0.88 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 3.3 | 6.5 | 2.9 |
AV:A/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.