CVE-2020-26146
Summary
| CVE | CVE-2020-26146 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-11 20:15:08 UTC |
| Updated | 2026-04-14 09:16:26 UTC |
| Description | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. |
Risk And Classification
Primary CVSS: v3.1 5.3 MEDIUM from [email protected]
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.014090000 probability, percentile 0.805160000 (date 2026-04-15)
Problem Types: CWE-20 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.3 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| 2.0 | [email protected] | Primary | 2.9 | AV:A/AC:M/Au:N/C:N/I:P/A:N |
CVSS v3.1 Breakdown
Attack Vector
AdjacentAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
HighAvailability
NoneCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v2.0 Breakdown
Access Vector
AdjacentAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:A/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Arista | C-100 | - | All | All | All |
| Operating System | Arista | C-100 Firmware | All | All | All | All |
| Hardware | Arista | C-110 | - | All | All | All |
| Operating System | Arista | C-110 Firmware | All | All | All | All |
| Hardware | Arista | C-120 | - | All | All | All |
| Operating System | Arista | C-120 Firmware | All | All | All | All |
| Hardware | Arista | C-130 | - | All | All | All |
| Operating System | Arista | C-130 Firmware | All | All | All | All |
| Hardware | Arista | C-200 | - | All | All | All |
| Operating System | Arista | C-200 Firmware | All | All | All | All |
| Hardware | Arista | C-230 | - | All | All | All |
| Operating System | Arista | C-230 Firmware | All | All | All | All |
| Hardware | Arista | C-235 | - | All | All | All |
| Operating System | Arista | C-235 Firmware | All | All | All | All |
| Hardware | Arista | C-250 | - | All | All | All |
| Operating System | Arista | C-250 Firmware | All | All | All | All |
| Hardware | Arista | C-260 | - | All | All | All |
| Operating System | Arista | C-260 Firmware | All | All | All | All |
| Hardware | Arista | C-65 | - | All | All | All |
| Operating System | Arista | C-65 Firmware | - | All | All | All |
| Hardware | Arista | C-75 | - | All | All | All |
| Operating System | Arista | C-75 Firmware | - | All | All | All |
| Hardware | Arista | O-105 | - | All | All | All |
| Operating System | Arista | O-105 Firmware | All | All | All | All |
| Hardware | Arista | O-90 | - | All | All | All |
| Operating System | Arista | O-90 Firmware | - | All | All | All |
| Hardware | Arista | W-118 | - | All | All | All |
| Operating System | Arista | W-118 Firmware | All | All | All | All |
| Hardware | Arista | W-68 | - | All | All | All |
| Operating System | Arista | W-68 Firmware | - | All | All | All |
| Hardware | Samsung | Galaxy I9305 | - | All | All | All |
| Operating System | Samsung | Galaxy I9305 Firmware | 4.4.4 | All | All | All |
| Hardware | Siemens | Scalance W1700 Ieee 802.11ac | - | All | All | All |
| Operating System | Siemens | Scalance W1700 Ieee 802.11ac Firmware | All | All | All | All |
| Hardware | Siemens | Scalance W1750d | - | All | All | All |
| Operating System | Siemens | Scalance W1750d Firmware | All | All | All | All |
| Hardware | Siemens | Scalance W700 Ieee 802.11n | - | All | All | All |
| Operating System | Siemens | Scalance W700 Ieee 802.11n Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Siemens | SCALANCE W1748-1 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1748-1 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1750D JP | affected V8.7.1.3 custom | Not specified |
| ADP | Siemens | SCALANCE W1750D ROW | affected V8.7.1.3 custom | Not specified |
| ADP | Siemens | SCALANCE W1750D USA | affected V8.7.1.3 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-1 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-2 EEC M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-2 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-2IA M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE WAM763-1 | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 US | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 EEC | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 EEC US | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WUM763-1 | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WUM763-1 | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WUM766-1 | affected V1.2.0 custom | Not specified |
| ADP | Siemens | SCALANCE WUM766-1 USA | affected V1.2.0 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | Third Party Advisory |
| fragattacks/SUMMARY.md at master · vanhoefm/fragattacks · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-019200.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| FragAttacks: Security flaws in all Wi-Fi devices | af854a3a-2127-422b-91ae-364da2661108 | www.fragattacks.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-913875.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| Security Advisory 0063 - Arista | af854a3a-2127-422b-91ae-364da2661108 | www.arista.com | Third Party Advisory |
| Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Third Party Advisory |
| oss-security - various 802.11 security issues - fragattacks.com | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159403 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9459)
- 159492 Oracle Enterprise Linux Security Update for kernel (ELSA-2021-4356)
- 239816 Red Hat Update for kernel security (RHSA-2021:4356)
- 239879 Red Hat Update for kernel-rt (RHSA-2021:4140)
- 390248 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0035)
- 43828 HPE ArubaOS Multiple Vulnerabilities (ARUBA-PSA-2021-011)
- 591035 Siemens SCALANCE FragAttacks Multiple Vulnerabilities (ICSA-22-104-04) (SSA-913875)
- 591104 Mitsubishi Electric GT25-WLAN (Update A) Multiple Vulnerabilities (ICSA-22-102-04)
- 591150 Hitachi ABB Power Grids TropOS Multiple Vulnerabilities (ICSA-21-236-01,9AKK107992A4463)
- 610373 Google Android Devices October 2021 Security Patch Missing
- 610381 Google Android November 2021 Security Patch Missing for Huawei EMUI
- 610383 Google Android November 2021 Security Patch Missing for LGE
- 671441 EulerOS Security Update for kernel (EulerOS-SA-2022-1366)
- 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
- 940265 AlmaLinux Security Update for kernel (ALSA-2021:4356)