vulnerability

Microsoft Windows: CVE-2020-26144: Windows Wireless Networking Spoofing Vulnerability

Try Surface Command
Back to search
Severity
3
CVSS
(AV:A/AC:L/Au:N/C:N/I:P/A:N)
Published
May 11, 2021
Added
May 11, 2021
Modified
Sep 5, 2025

Description

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Solutions

microsoft-windows-windows_10-1507-kb5003172microsoft-windows-windows_10-1607-kb5003197microsoft-windows-windows_10-1803-kb5003174microsoft-windows-windows_10-1809-kb5003171microsoft-windows-windows_10-1909-kb5003169microsoft-windows-windows_10-2004-kb5003173microsoft-windows-windows_10-20h2-kb5003173microsoft-windows-windows_server_2012-kb5003203microsoft-windows-windows_server_2012_r2-kb5003220microsoft-windows-windows_server_2016-1607-kb5003197microsoft-windows-windows_server_2019-1809-kb5003171msft-kb5003169-100e483c-fdd0-4798-98ff-749598eb44dcmsft-kb5003173-526cbcf1-1a27-4425-b1c8-4ad4ba713cf9msft-kb5003173-d9fd3f4a-b6b8-4bb8-a5f5-55bc477b259dmsft-kb5003203-ba33654a-837a-41e0-8b4c-9c1398022c83msft-kb5003203-f1497061-bea0-404b-a57f-28dfd236a7a3msft-kb5003220-26cfa708-2eb5-47f1-803c-714473752c73msft-kb5003220-edc429de-b659-4d5c-bdc1-e3fb97f108edmsft-kb5003225-c5277086-5370-4d3a-b1fd-0277247188fcmsft-kb5003225-f358a4b0-5a53-485c-aca6-2376e56ddb01msft-kb5003228-438020ac-acaa-488f-93e5-4138ad00658cmsft-kb5003228-78019214-1216-4370-a913-0f45e37e1bd4msft-kb5003228-7ff144a6-5518-4338-9169-6853cdc808aemsft-kb5003228-f5bfe18f-6fcf-41d1-b502-c14f0dfee1f0msft-kb5003228-f7af9fde-a532-4630-b14d-b6dff7efce2a

References

    Title
    Rapid7 Labs

    2026 Global Threat Landscape Report

    The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.