Vulnerability: Arbitrary Network Packet Injection on Samsung Galaxy S3 i9305 4.4.4 Devices

Vulnerability: Arbitrary Network Packet Injection on Samsung Galaxy S3 i9305 4.4.4 Devices

CVE-2020-26144 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Learn more about our Network Penetration Testing.