Vulnerability Description
A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Arubaos | >= 6.5.4.0, <= 8.10.0.21 |
| Arubanetworks | 7010 | - |
| Arubanetworks | 7030 | - |
| Arubanetworks | 7205 | - |
| Arubanetworks | 7210 | - |
| Arubanetworks | 7220 | - |
| Arubanetworks | 7240Xm | - |
| Arubanetworks | 7280 | - |
| Arubanetworks | 9004 | - |
| Arubanetworks | 9004-Lte | - |
| Arubanetworks | 9012 | - |
| Arubanetworks | 9106 | - |
| Arubanetworks | 9114 | - |
| Arubanetworks | 9240 | - |
| Arubanetworks | Ap-634 | - |
| Arubanetworks | Ap-635 | - |
| Arubanetworks | Ap-654 | - |
| Arubanetworks | Ap-655 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-23810?
CVE-2026-23810 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-address...
How severe is CVE-2026-23810?
CVE-2026-23810 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23810?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Arubaos, Arubanetworks 7010, Arubanetworks 7030, Arubanetworks 7205, Arubanetworks 7210.