Security News > 2021 > May > Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks
IEEE 802.11 provides the basis for all modern devices using the Wi-Fi family of network protocols, allowing laptops, tablets, printers, smartphones, smart speakers, and other devices to communicate with each other and access the Internet via a wireless router.
Introduced in January 2018, WPA3 is a third-generation security protocol that's at the heart of most Wi-Fi devices with several enhancements such as robust authentication and increased cryptographic strength to safeguard wireless computer networks.
CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL. CVE-2020-26140: Accepting plaintext data frames in a protected network.
A bad actor can leverage these flaws to inject arbitrary network packets, intercept and exfiltrate user data, launch denial-of-service attacks, and even possibly decrypt packets in WPA or WPA2 networks.
"If network packets can be injected towards an , the adversary can abuse this to bypass the NAT/firewall and directly connect to any device in the local network."
Mitigations for FragAttacks from other companies like Cisco, HPE/Aruba Networks, Juniper Networks, and Sierra Wireless can be accessed in the advisory released by the Industry Consortium for Advancement of Security on the Internet.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2020-26144 | Improper Input Validation vulnerability in multiple products An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. | 6.5 |
| 2021-05-11 | CVE-2020-26140 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. | 6.5 |