Vulnerability Description
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alfa | Awus036H Firmware | 6.1316.1209 |
| Alfa | Awus036H | - |
| Cisco | Meraki Gr10 Firmware | < 27.7.1 |
| Cisco | Meraki Gr10 | - |
| Cisco | Meraki Gr60 Firmware | < 27.7.1 |
| Cisco | Meraki Gr60 | - |
| Cisco | Meraki Mr20 Firmware | < 27.7.1 |
| Cisco | Meraki Mr20 | - |
| Cisco | Meraki Mr30H Firmware | < 27.7.1 |
| Cisco | Meraki Mr30H | - |
| Cisco | Meraki Mr33 Firmware | < 27.7.1 |
| Cisco | Meraki Mr33 | - |
| Cisco | Meraki Mr36 Firmware | < 27.7.1 |
| Cisco | Meraki Mr36 | - |
| Cisco | Meraki Mr42 Firmware | < 27.7.1 |
| Cisco | Meraki Mr42 | - |
| Cisco | Meraki Mr42E Firmware | < 27.7.1 |
| Cisco | Meraki Mr42E | - |
| Cisco | Meraki Mr44 Firmware | < 27.7.1 |
| Cisco | Meraki Mr44 | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfThird Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wThird Party Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-sThird Party Advisory
- https://www.fragattacks.comThird Party Advisory
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfThird Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wThird Party Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-sThird Party Advisory
- https://www.fragattacks.comThird Party Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html
FAQ
What is CVE-2020-26141?
CVE-2020-26141 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An advers...
How severe is CVE-2020-26141?
CVE-2020-26141 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26141?
Check the references section above for vendor advisories and patch information. Affected products include: Alfa Awus036H Firmware, Alfa Awus036H, Cisco Meraki Gr10 Firmware, Cisco Meraki Gr10, Cisco Meraki Gr60 Firmware.