PT-2021-1510 · Samsung+9 · Samsung Galaxy S3+9
Mathy Vanhoef · Published 2021-05-11 · Updated 2022-05-13 · CVE-2020-26145
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Samsung Galaxy S3 i9305 version 4.4.4
Check Point GAiA (affected versions not specified)
Description
The issue exists due to insufficient input validation in the implementations of WEP, WPA, WPA2, and WPA3. Affected implementations accept second or subsequent broadcast fragments sent in plaintext and process them as full unfragmented frames. This allows a remote attacker to inject arbitrary network packets, regardless of the network configuration.
Recommendations
For the Linux kernel, there is currently no information about a newer version that contains a fix for this vulnerability.
For Samsung Galaxy S3 i9305 version 4.4.4, consider restricting access to the network until a patch is available.
For Check Point GAiA, there is currently no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Check Point Gaia
Linuxmint
Red Hat
Samsung Galaxy S3
Suse
Ubuntu