PT-2021-3039 · Samsung (+6 other vendors) · Samsung Galaxy S3 (+6 other products)
Mathy Vanhoef · Published 2021-05-11 · Updated 2021-12-04
CVE-2020-26144
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Samsung Galaxy S3 i9305 version 4.4.4
Check Point GAiA (affected versions not specified)
Description
An issue was discovered in the WEP, WPA, WPA2, and WPA3 implementations of the affected products: they accept plaintext (unencrypted) A-MSDU frames as long as the first 8 bytes of the frame body correspond to a valid RFC 1042 (i.e., LLC/SNAP) header with the EAPOL EtherType (0x888E). That check exists so that the unencrypted EAPOL handshake frames can be received before keys are installed, but it ignores the A-MSDU Present flag, so the remaining subframes of the aggregate are parsed and delivered as ordinary packets. An attacker within Wi-Fi range can use this to inject arbitrary network packets into the victim's network, independent of the network configuration or cipher in use. The root cause is insufficient input validation; the impact is on integrity (injection of attacker-chosen packets), not on confidentiality or availability, which is what the CVSS vector above reflects.
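The following is an added example written for this page, not code from the advisory, from Samsung, Check Point, or any Wi-Fi driver. It models a receiver that applies the EAPOL exception to the first 8 bytes of a plaintext frame and then still processes the frame as an A-MSDU, next to a hardened receiver that refuses any unprotected aggregate. Frame layouts follow IEEE 802.11 (QoS Data header, A-MSDU Present bit 7 of QoS Control, subframes of DA|SA|Length|MSDU padded to 4 bytes); decryption and MIC checking are out of scope, so `protected=True` simply stands for a frame that already passed them. The MAC addresses, the injected payload and the handshake body are constructed sample values.

```python
"""Model of the plaintext A-MSDU acceptance bug described above.

Added example for this page; not the advisory's, Samsung's, Check Point's or
any driver's code. Receiver logic is a deliberately simplified model of the
behaviour the description attributes to vulnerable implementations.
"""
import struct

LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # RFC 1042 header, EtherType 0x888E (EAPOL)
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")   # RFC 1042 header, EtherType 0x0800 (IPv4)

FC_QOS_DATA = 0x88          # Frame Control byte 0: type = Data, subtype = QoS Data
FLAG_PROTECTED = 0x40       # Frame Control byte 1: Protected Frame bit
QOS_AMSDU_PRESENT = 0x0080  # QoS Control: A-MSDU Present bit

# Constructed sample addresses, not taken from any real capture.
AP = bytes.fromhex("020000000001")
VICTIM = bytes.fromhex("020000000002")
ATTACKER = bytes.fromhex("020000000003")
INJECTED = LLC_SNAP_IPV4 + b"<constructed IPv4 packet chosen by the attacker>"


def build_amsdu(subframes):
    """Aggregate (da, sa, msdu) tuples into an A-MSDU body (802.11 subframe format)."""
    out = b""
    for i, (da, sa, msdu) in enumerate(subframes):
        out += da + sa + struct.pack(">H", len(msdu)) + msdu
        if i < len(subframes) - 1:                 # every subframe but the last is padded to 4 bytes
            out += b"\x00" * ((-len(out)) % 4)
    return out


def build_qos_data(addr1, addr2, addr3, body, protected, amsdu):
    """Minimal QoS Data MPDU: FC(2) Dur(2) A1 A2 A3 Seq(2) QoS(2) body."""
    flags = FLAG_PROTECTED if protected else 0
    qos = QOS_AMSDU_PRESENT if amsdu else 0
    return (bytes([FC_QOS_DATA, flags]) + b"\x00\x00" + addr1 + addr2 + addr3
            + b"\x00\x00" + struct.pack("<H", qos) + body)


def parse_qos_data(frame):
    """Return (protected, amsdu_present, body) for a QoS Data MPDU."""
    if frame[0] != FC_QOS_DATA:
        raise ValueError("not a QoS Data frame")
    qos = struct.unpack_from("<H", frame, 24)[0]
    return bool(frame[1] & FLAG_PROTECTED), bool(qos & QOS_AMSDU_PRESENT), frame[26:]


def parse_amsdu(body):
    """Split an A-MSDU body into (da, sa, msdu) tuples, honouring 4-byte padding."""
    msdus, off = [], 0
    while off + 14 <= len(body):
        da, sa = body[off:off + 6], body[off + 6:off + 12]
        length = struct.unpack_from(">H", body, off + 12)[0]
        msdu = body[off + 14:off + 14 + length]
        if len(msdu) != length:
            raise ValueError("truncated A-MSDU subframe")
        msdus.append((da, sa, msdu))
        off += 14 + length
        off += (-off) % 4
    return msdus


def receive_vulnerable(frame):
    """Vulnerable model: the EAPOL exception looks only at the first 8 bytes of a
    plaintext body and ignores the A-MSDU flag, so the aggregate is then split
    and every subframe is handed to the network stack."""
    protected, amsdu, body = parse_qos_data(frame)
    if not protected and not body.startswith(LLC_SNAP_EAPOL):
        return []                                           # plaintext non-EAPOL: dropped
    if amsdu:
        return [msdu for _, _, msdu in parse_amsdu(body)]   # all subframes delivered
    return [body]


def receive_fixed(frame):
    """Hardened model (this page's illustration, not a vendor patch): the EAPOL
    exception covers one unaggregated MSDU only; A-MSDU Present on an
    unprotected frame is a hard reject."""
    protected, amsdu, body = parse_qos_data(frame)
    if not protected:
        if amsdu or not body.startswith(LLC_SNAP_EAPOL):
            return []
        return [body]
    if amsdu:
        return [msdu for _, _, msdu in parse_amsdu(body)]
    return [body]


def attack_frame():
    """Plaintext A-MSDU whose first subframe has DA = AA:AA:03:00:00:00 and an SA
    starting with 88:8E, so the body begins with the EAPOL LLC/SNAP header; the
    second subframe carries the packet the attacker wants delivered."""
    first = (LLC_SNAP_EAPOL[:6], LLC_SNAP_EAPOL[6:] + b"\x00" * 4, b"")
    second = (VICTIM, ATTACKER, INJECTED)
    body = build_amsdu([first, second])
    assert body.startswith(LLC_SNAP_EAPOL)
    return build_qos_data(VICTIM, AP, AP, body, protected=False, amsdu=True)


def handshake_frame():
    """Plaintext, unaggregated EAPOL frame: the only plaintext data a receiver should accept."""
    return build_qos_data(VICTIM, AP, AP, LLC_SNAP_EAPOL + b"<constructed EAPOL-Key body>",
                          protected=False, amsdu=False)


if __name__ == "__main__":
    print("vulnerable receiver delivers:", receive_vulnerable(attack_frame()))
    print("fixed receiver delivers:     ", receive_fixed(attack_frame()))
```

Running it shows the vulnerable receiver delivering two MSDUs from an unencrypted frame, the second being the attacker's packet, while the fixed receiver delivers nothing; both still accept the single plaintext EAPOL handshake frame and a protected A-MSDU. The first subframe is junk (its "destination" is the LLC/SNAP header bytes), which is why injection via this bug costs one throwaway subframe and nothing else.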
Recommendations
For Samsung Galaxy S3 i9305 version 4.4.4, no fixed version is listed. Disabling WEP, WPA, WPA2 and WPA3 is not a usable workaround: those are the only link-layer protections Wi-Fi offers, and the attack works regardless of which one is in use. Until a patch is available, treat the device's Wi-Fi link as untrusted: keep it off networks that matter, and rely on end-to-end protection (TLS/HTTPS, VPN) so that an injected packet cannot tamper with application traffic. The attacker must be within radio range of the victim (CVSS AV:A).
For Check Point GAiA, at the moment there is no information about a newer version that contains a fix for this vulnerability.
Vulnerability class: improper input validation (plaintext A-MSDU frames accepted on an encrypted network). Impact: packet injection, i.e. loss of integrity of network traffic; this is not remote code execution.
Affected Products
AlmaLinux
CentOS
Check Point GAiA
FreeBSD
Red Hat
Samsung Galaxy S3
Windows