PT-2021-3059 · Alfa+4 · Alfa Windows 10 Driver+4

Mathy Vanhoef

Published

2021-05-11

Updated

2025-08-20

CVE-2020-26140

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions ALFA Windows 10 driver version 6.1316.1209 for AWUS036H

Description An issue was discovered in the ALFA Windows 10 driver where the WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. This allows an adversary to inject arbitrary data frames independent of the network configuration.

Recommendations For ALFA Windows 10 driver version 6.1316.1209, consider disabling the use of WEP, WPA, WPA2, and WPA3 until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-327

Related Identifiers

ALSA-2021:4356

BDU:2021-02666

CESA-2021_4140

CESA-2021_4356

CVE-2020-26140

OESA-2022-2017

RHSA-2021:4140

RHSA-2021:4356

RHSA-2021_4140

RHSA-2021_4356

Affected Products

Alfa Windows 10 Driver

Almalinux

Centos

Check Point Gaia

Red Hat

PT-2021-3059 · Alfa+4 · Alfa Windows 10 Driver+4

CVE-2020-26140

Weakness Enumeration

Related Identifiers

Affected Products

References · 79