CVE-2020-26140

high-risk
Published 2021-05-11

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Awus036H Firmware
Scalance W1748-1 Firmware
Scalance W1788-1 Firmware
Scalance W1788-2 Firmware
Scalance W1788-2 Firmware
Scalance W1788-2Ia Firmware
Scalance W721-1 Firmware
Scalance W722-1 Firmware
Scalance W734-1 Firmware
Scalance W738-1 Firmware
Scalance W748-1 Firmware
Scalance W748-1 Firmware
Scalance W761-1 Firmware
Scalance W774-1 Firmware
Scalance W774-1 Firmware
Scalance W778-1 Firmware
Scalance W778-1 Firmware
Scalance W786-1 Firmware
Scalance W786-2 Firmware

Affected Vendors

Cisco Siemens Intel Arista Alfa

References (12)

Mailing List http://www.openwall.com/lists/oss-security/2021/05/11/12
Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Third Party Advisory https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-w...
Third Party Advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12602-s...
Third Party Advisory https://www.fragattacks.com
Mailing List http://www.openwall.com/lists/oss-security/2021/05/11/12
Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Third Party Advisory https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-w...
Third Party Advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12602-s...
Third Party Advisory https://www.fragattacks.com
55
/ 100
high-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 33/34 · Critical