CVE-2020-26145

MEDIUM

Samsung Galaxy S3 i9305 Firmware - Arbitrary Network Packet Injection via Fragment Acceptance

Title source: llm

Description

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

References (5)

Core 5

Core References

Third Party Advisory x_refsource_misc

https://www.fragattacks.com

Third Party Advisory x_refsource_misc

https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

View Writeup ZIP pw:eip

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/05/11/12

Patch, Third Party Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-913875.html

Scores

CVSS v3 6.5

EPSS 0.0352

EPSS Percentile 87.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-20

Status published

Products (13)

samsung/galaxy_i9305_firmware 4.4.4

siemens/6gk5763-1al00-3aa0_firmware < 1.2

siemens/6gk5763-1al00-3da0_firmware < 1.2

siemens/6gk5763-1al00-7da0_firmware < 1.2

siemens/6gk5766-1ge00-3da0_firmware < 1.2

siemens/6gk5766-1ge00-3db0_firmware < 1.2

siemens/6gk5766-1ge00-7da0_firmware < 1.2

siemens/6gk5766-1ge00-7db0_firmware < 1.2

siemens/6gk5766-1ge00-7ta0_firmware < 1.2

siemens/6gk5766-1ge00-7tb0_firmware < 1.2

... and 3 more

Published May 11, 2021

Tracked Since Feb 18, 2026