CVE-2020-26141
high-risk
Published 2021-05-11
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
Do I need to act?
-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
ADJACENT_NETWORK
/ LOW complexity
Affected Products (20)
Awus036H Firmware
Meraki Gr10 Firmware
Meraki Gr60 Firmware
Meraki Mr20 Firmware
Meraki Mr30H Firmware
Meraki Mr33 Firmware
Meraki Mr36 Firmware
Meraki Mr42 Firmware
Meraki Mr42E Firmware
Meraki Mr44 Firmware
Meraki Mr45 Firmware
Meraki Mr46 Firmware
Meraki Mr46E Firmware
Meraki Mr52 Firmware
Meraki Mr53 Firmware
Meraki Mr53E Firmware
Meraki Mr55 Firmware
Meraki Mr56 Firmware
Meraki Mr70 Firmware
Meraki Mr74 Firmware
References (12)
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-w...
Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-s...
Third Party Advisory
https://www.fragattacks.com
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-w...
Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-s...
Third Party Advisory
https://www.fragattacks.com
52
/ 100
high-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
30/34 · Critical