CVE-2020-24588

Published May 11, 2021

Last updated 2 months ago

CVSS low 3.5
Smb
Wlan

Overview

Description
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
Source
cve@mitre.org
NVD status
Modified
Products
ieee_802.11, mac80211, windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, debian_linux, scalance_w1748-1_firmware, scalance_w1750d_firmware, scalance_w1788-1_firmware, scalance_w1788-2_firmware, scalance_w1788-2ia_firmware, scalance_w721-1_firmware, scalance_w722-1_firmware, scalance_w734-1_firmware, scalance_w738-1_firmware, scalance_w748-1_firmware, scalance_w761-1_firmware, scalance_w774-1_firmware, scalance_w778-1_firmware, scalance_w786-1_firmware, scalance_w786-2_firmware, scalance_w786-2ia_firmware, scalance_w788-1_firmware, scalance_w788-2_firmware, scalance_wam763-1_firmware, scalance_wam766-1_firmware, scalance_wam766-1_6ghz_firmware, scalance_wum763-1_firmware, scalance_wum766-1_firmware, scalance_wum766-1_6ghz_firmware, c-100_firmware, c-110_firmware, c-120_firmware, c-130_firmware, c-200_firmware, c-230_firmware, c-235_firmware, c-250_firmware, c-260_firmware, c-65_firmware, c-75_firmware, o-105_firmware, o-90_firmware, w-118_firmware, w-68_firmware, 1100_firmware, 1100-4p_firmware, 1100-8p_firmware, 1101-4p_firmware, 1109-2p_firmware, 1109-4p_firmware, aironet_1532_firmware, aironet_1542d_firmware, aironet_1542i_firmware, aironet_1800_firmware, aironet_1800i_firmware, aironet_1810_firmware, aironet_1810w_firmware, aironet_1815_firmware, aironet_1815i_firmware, aironet_1832_firmware, aironet_1842_firmware, aironet_1852_firmware, aironet_ap803_firmware, aironet_iw3702_firmware, catalyst_9105_firmware, catalyst_9105axi_firmware, catalyst_9105axw_firmware, catalyst_9115_firmware, catalyst_9115_ap_firmware, catalyst_9115axe_firmware, catalyst_9115axi_firmware, catalyst_9117_firmware, catalyst_9117_ap_firmware, catalyst_9117axi_firmware, catalyst_9120_firmware, catalyst_9120_ap_firmware, catalyst_9120axe_firmware, catalyst_9120axi_firmware, catalyst_9120axp_firmware, catalyst_9124_firmware, catalyst_9124axd_firmware, catalyst_9124axi_firmware, catalyst_9130_firmware, catalyst_9130_ap_firmware, catalyst_9130axe_firmware, catalyst_9130axi_firmware, ip_phone_6861_firmware, ip_phone_8821_firmware, ip_phone_8832_firmware, ip_phone_8861_firmware, ip_phone_8865_firmware, ir829-2lte-ea-ak9_firmware, ir829-2lte-ea-bk9_firmware, ir829-2lte-ea-ek9_firmware, ir829gw-lte-ga-ck9_firmware, ir829gw-lte-ga-ek9_firmware, ir829gw-lte-ga-sk9_firmware, ir829gw-lte-ga-zk9_firmware, ir829gw-lte-na-ak9_firmware, ir829gw-lte-vz-ak9_firmware, meraki_gr10_firmware, meraki_gr60_firmware, meraki_mr12_firmware, meraki_mr20_firmware, meraki_mr26_firmware, meraki_mr30h_firmware, meraki_mr32_firmware, meraki_mr33_firmware, meraki_mr34_firmware, meraki_mr36_firmware, meraki_mr42_firmware, meraki_mr42e_firmware, meraki_mr44_firmware, meraki_mr45_firmware, meraki_mr46_firmware, meraki_mr46e_firmware, meraki_mr52_firmware, meraki_mr53_firmware, meraki_mr53e_firmware, meraki_mr55_firmware, meraki_mr56_firmware, meraki_mr62_firmware, meraki_mr66_firmware, meraki_mr70_firmware, meraki_mr72_firmware, meraki_mr74_firmware, meraki_mr76_firmware, meraki_mr84_firmware, meraki_mr86_firmware, meraki_mx64w_firmware, meraki_mx65w_firmware, meraki_mx67cw_firmware, meraki_mx67w_firmware, meraki_mx68cw_firmware, meraki_mx68w_firmware, meraki_z3_firmware, meraki_z3c_firmware, webex_board_55_firmware, webex_board_55s_firmware, webex_board_70_firmware, webex_board_70s_firmware, webex_board_85s_firmware, webex_dx70_firmware, webex_dx80_firmware, webex_room_55_firmware, webex_room_55_dual_firmware, webex_room_70_firmware, webex_room_70_dual_firmware, webex_room_70_dual_g2_firmware, webex_room_70_single_firmware, webex_room_70_single_g2_firmware, webex_room_kit_firmware, webex_room_kit_mini_firmware, ac_8260_firmware, ac_8265_firmware, ac_9260_firmware, ac_9560_firmware, killer_ac_1550_firmware, killer_wi-fi_6_ax1650_firmware, killer_wi-fi_6e_ax1675_firmware, proset_ac_3165_firmware, proset_ac_3168_firmware, proset_ac_8260_firmware, proset_ac_8265_firmware, proset_ac_9260_firmware, proset_ac_9461_firmware, proset_ac_9462_firmware, proset_ac_9560_firmware, proset_wi-fi_6_ax200_firmware, proset_wi-fi_6_ax201_firmware, proset_wi-fi_6e_ax210_firmware, proset_wireless_7265_\(rev_d\)_firmware, wi-fi_6_ax200_firmware, wi-fi_6_ax201_firmware, linux_kernel

Risk scores

CVSS 3.1

Type
Primary
Base score
3.5
Impact score
1.4
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity
LOW

CVSS 2.0

Type
Primary
Base score
2.9
Impact score
2.9
Exploitability score
5.5
Vector string
AV:A/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-327

Social media

Hype score
Not currently trending

  1. 【仕様の脆弱性】IEEE P802.11-REVme D1.1からD7.0に、メッシュネットワークでFragAttacksが成立する脆弱性。CVE-2025-27558はWPA、WPA2、WPA3、又はWEPを使用するネットワークで、SSP A-MSDUフレーム以外の受信に対応する機器に

    @__kokumoto

    27 May 2025

    878 Impressions

    1 Retweet

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.CVE-2026-50508
  2. Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.CVE-2026-50507
  3. Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.CVE-2026-49160
  4. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.CVE-2026-48583
  5. Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.CVE-2026-48578

References

Sources include official advisories and independent security research.