PT-2021-3061 · Alfa+4 · Alfa Windows 10 Driver+4

Mathy Vanhoef

Published

2021-05-11

Updated

2023-03-03

CVE-2020-26143

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions ALFA Windows 10 driver version 1030.36.604

Description An issue exists in the WEP, WPA, WPA2, and WPA3 implementations of the ALFA Windows 10 driver, allowing an adversary to inject arbitrary data frames into a protected Wi-Fi network by accepting fragmented plaintext frames. This is due to insufficient input validation in the driver's implementation of these algorithms. The vulnerability can be exploited to impact the integrity of protected information.

Recommendations For ALFA Windows 10 driver version 1030.36.604, consider disabling the use of WEP, WPA, WPA2, and WPA3 until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4356

BDU:2021-02668

CESA-2021_4140

CESA-2021_4356

CVE-2020-26143

OESA-2022-2017

RHSA-2021:4140

RHSA-2021:4356

RHSA-2021_4140

RHSA-2021_4356

Affected Products

Alfa Windows 10 Driver

Almalinux

Centos

Check Point Gaia

Red Hat

PT-2021-3061 · Alfa+4 · Alfa Windows 10 Driver+4

CVE-2020-26143

Weakness Enumeration

Related Identifiers

Affected Products

References · 78