CVE-2020-24586

LOW

IEEE 802.11 - Arbitrary Network Packet Injection and Data Exfiltration via Fragment Cache Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-24586. PoCs published by elvira-alec.

AI-analyzed exploit summary Fracture is a functional exploit framework for CVE-2020-24586, CVE-2020-24587, and CVE-2020-24588 (FragAttacks). It automates three attack chains via 802.11 frame injection to exploit A-MSDU aggregation vulnerabilities in WPA2/WPA3 networks, enabling arbitrary plaintext frame injection without knowing the password.

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Exploits (1)

nomisec WORKING POC

by elvira-alec · poc

https://github.com/elvira-alec/fracture

View Code ZIP pw:eip

Fracture is a functional exploit framework for CVE-2020-24586, CVE-2020-24587, and CVE-2020-24588 (FragAttacks). It automates three attack chains via 802.11 frame injection to exploit A-MSDU aggregation vulnerabilities in WPA2/WPA3 networks, enabling arbitrary plaintext frame injection without knowing the password.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: WPA2/WPA3 WiFi networks (various router firmware)

No auth needed

Prerequisites: Linux with monitor mode support · WiFi adapter with injection capabilities · Python 3.10+ · Root privileges

MITRE ATT&CK