CVE-2020-26140
MEDIUMCVSS 6.5/10EPSS 2.92%
Last modified
CVE-2020-26140 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. EPSS estimates a 2.92% chance of exploitation in the next 30 days.
Description
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Alfa | Awus036h Firmware | 6.1316.1209 |
| Siemens | Scalance W1748-1 Firmware | All versions |
| Siemens | Scalance W1750d Firmware | All versions |
| Siemens | Scalance W1788-1 Firmware | All versions |
| Siemens | Scalance W1788-2 Firmware | All versions |
| Siemens | Scalance W1788-2ia Firmware | All versions |
| Siemens | Scalance W721-1 Firmware | All versions |
| Siemens | Scalance W722-1 Firmware | All versions |
| Siemens | Scalance W734-1 Firmware | All versions |
| Siemens | Scalance W738-1 Firmware | All versions |
| Siemens | Scalance W748-1 Firmware | All versions |
| Siemens | Scalance W761-1 Firmware | All versions |
| Siemens | Scalance W774-1 Firmware | All versions |
| Siemens | Scalance W778-1 Firmware | All versions |
| Siemens | Scalance W786-1 Firmware | All versions |
| Siemens | Scalance W786-2 Firmware | All versions |
| Siemens | Scalance W786-2ia Firmware | All versions |
| Siemens | Scalance W788-1 Firmware | All versions |
| Siemens | Scalance W788-2 Firmware | All versions |
| Siemens | Scalance Wam763-1 Firmware | All versions |
| Siemens | Scalance Wam766-1 Firmware | All versions |
| Siemens | Scalance Wam766-1 6ghz Firmware | All versions |
| Siemens | Scalance Wum763-1 Firmware | All versions |
| Siemens | Scalance Wum766-1 Firmware | All versions |
| Siemens | Scalance Wum766-1 6ghz Firmware | All versions |
| Arista | C-100 Firmware | All versions |
| Arista | C-110 Firmware | All versions |
| Arista | C-120 Firmware | All versions |
| Arista | C-130 Firmware | All versions |
| Arista | C-200 Firmware | All versions |
| Arista | C-230 Firmware | All versions |
| Arista | C-235 Firmware | All versions |
| Arista | C-250 Firmware | All versions |
| Arista | C-260 Firmware | All versions |
| Arista | C-65 Firmware | All versions |
| Arista | C-75 Firmware | All versions |
| Arista | O-105 Firmware | All versions |
| Arista | O-90 Firmware | All versions |
| Arista | W-118 Firmware | All versions |
| Arista | W-68 Firmware | All versions |
| Cisco | 1100 Firmware | All versions |
| Cisco | 1100-4p Firmware | All versions |
| Cisco | 1100-8p Firmware | All versions |
| Cisco | 1101-4p Firmware | All versions |
| Cisco | 1109-2p Firmware | All versions |
| Cisco | 1109-4p Firmware | All versions |
| Cisco | Aironet 1532 Firmware | All versions |
| Cisco | Aironet 1542d Firmware | All versions |
| Cisco | Aironet 1542i Firmware | All versions |
| Cisco | Aironet 1552 Firmware | All versions |
Showing 50 of 194 affected configurations. See NVD for the full list.
References
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List, Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfThird Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://www.fragattacks.comThird Party Advisory
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List, Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfThird Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://www.fragattacks.comThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-26140?
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
How severe is CVE-2020-26140?
CVE-2020-26140 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 2.92% probability of exploitation in the next 30 days.
How do I fix CVE-2020-26140?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2020-26140?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST