CVE-2020-24586

LOW

802.11 - Memory Corruption

Title source: llm

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Exploits (1)

nomisec WORKING POC
by elvira-alec · poc
https://github.com/elvira-alec/fracture

References (9)

Scores

CVSS v3 3.5
EPSS 0.0146
EPSS Percentile 80.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

Status published
Products (24)
arista/c-200_firmware < 11.0.0-36
arista/c-230_firmware < 10.0.1-31
arista/c-235_firmware < 10.0.1-31
arista/c-250_firmware < 10.0.1-31
arista/c-260_firmware < 10.0.1-31
debian/debian_linux 9.0
ieee/ieee_802.11
intel/ac_1550_firmware
intel/ac_3165_firmware < 19.51.33.1
intel/ac_3168_firmware < 19.51.33.1
... and 14 more
Published May 11, 2021
Tracked Since Feb 18, 2026