CVE-2020-26140

Published May 11, 2021

Last updated 2 months ago

CVSS medium 6.5
Smb
Wlan

Overview

Description
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
Source
cve@mitre.org
NVD status
Modified
Products
awus036h_firmware, scalance_w1748-1_firmware, scalance_w1750d_firmware, scalance_w1788-1_firmware, scalance_w1788-2_firmware, scalance_w1788-2ia_firmware, scalance_w721-1_firmware, scalance_w722-1_firmware, scalance_w734-1_firmware, scalance_w738-1_firmware, scalance_w748-1_firmware, scalance_w761-1_firmware, scalance_w774-1_firmware, scalance_w778-1_firmware, scalance_w786-1_firmware, scalance_w786-2_firmware, scalance_w786-2ia_firmware, scalance_w788-1_firmware, scalance_w788-2_firmware, scalance_wam763-1_firmware, scalance_wam766-1_firmware, scalance_wam766-1_6ghz_firmware, scalance_wum763-1_firmware, scalance_wum766-1_firmware, scalance_wum766-1_6ghz_firmware, c-100_firmware, c-110_firmware, c-120_firmware, c-130_firmware, c-200_firmware, c-230_firmware, c-235_firmware, c-250_firmware, c-260_firmware, c-65_firmware, c-75_firmware, o-105_firmware, o-90_firmware, w-118_firmware, w-68_firmware, 1100_firmware, 1100-4p_firmware, 1100-8p_firmware, 1101-4p_firmware, 1109-2p_firmware, 1109-4p_firmware, aironet_1532_firmware, aironet_1542d_firmware, aironet_1542i_firmware, aironet_1552_firmware, aironet_1552h_firmware, aironet_1560_firmware, aironet_1562d_firmware, aironet_1562e_firmware, aironet_1562i_firmware, aironet_1572_firmware, aironet_1702_firmware, aironet_1800_firmware, aironet_1800i_firmware, aironet_1810_firmware, aironet_1810w_firmware, aironet_1815_firmware, aironet_1815i_firmware, aironet_1832_firmware, aironet_1842_firmware, aironet_1852_firmware, aironet_2702_firmware, aironet_2800_firmware, aironet_2800e_firmware, aironet_2800i_firmware, aironet_3702_firmware, aironet_3800_firmware, aironet_3800e_firmware, aironet_3800i_firmware, aironet_3800p_firmware, aironet_4800_firmware, aironet_ap803_firmware, aironet_iw3702_firmware, catalyst_9105_firmware, catalyst_9105axi_firmware, catalyst_9105axw_firmware, catalyst_9115_firmware, catalyst_9115_ap_firmware, catalyst_9115axe_firmware, catalyst_9115axi_firmware, catalyst_9117_firmware, catalyst_9117_ap_firmware, catalyst_9117axi_firmware, catalyst_9120_firmware, catalyst_9120_ap_firmware, catalyst_9120axe_firmware, catalyst_9120axi_firmware, catalyst_9120axp_firmware, catalyst_9124_firmware, catalyst_9124axd_firmware, catalyst_9124axi_firmware, catalyst_9130_firmware, catalyst_9130_ap_firmware, catalyst_9130axe_firmware, catalyst_9130axi_firmware, catalyst_iw6300_firmware, catalyst_iw6300_ac_firmware, catalyst_iw6300_dc_firmware, catalyst_iw6300_dcw_firmware, esw-6300-con-x-k9_firmware, esw6300_firmware, ip_phone_6861_firmware, ip_phone_8821_firmware, ip_phone_8832_firmware, ip_phone_8861_firmware, ip_phone_8865_firmware, ir829-2lte-ea-ak9_firmware, ir829-2lte-ea-bk9_firmware, ir829-2lte-ea-ek9_firmware, ir829gw-lte-ga-ck9_firmware, ir829gw-lte-ga-ek9_firmware, ir829gw-lte-ga-sk9_firmware, ir829gw-lte-ga-zk9_firmware, ir829gw-lte-na-ak9_firmware, ir829gw-lte-vz-ak9_firmware, meraki_gr10_firmware, meraki_gr60_firmware, meraki_mr12_firmware, meraki_mr20_firmware, meraki_mr26_firmware, meraki_mr30h_firmware, meraki_mr32_firmware, meraki_mr33_firmware, meraki_mr34_firmware, meraki_mr36_firmware, meraki_mr42_firmware, meraki_mr42e_firmware, meraki_mr44_firmware, meraki_mr45_firmware, meraki_mr46_firmware, meraki_mr46e_firmware, meraki_mr52_firmware, meraki_mr53_firmware, meraki_mr53e_firmware, meraki_mr55_firmware, meraki_mr56_firmware, meraki_mr62_firmware, meraki_mr66_firmware, meraki_mr70_firmware, meraki_mr72_firmware, meraki_mr74_firmware, meraki_mr76_firmware, meraki_mr84_firmware, meraki_mr86_firmware, meraki_mx64w_firmware, meraki_mx65w_firmware, meraki_mx67cw_firmware, meraki_mx67w_firmware, meraki_mx68cw_firmware, meraki_mx68w_firmware, meraki_z3_firmware, meraki_z3c_firmware, webex_board_55_firmware, webex_board_55s_firmware, webex_board_70_firmware, webex_board_70s_firmware, webex_board_85s_firmware, webex_dx70_firmware, webex_dx80_firmware, webex_room_55_firmware, webex_room_55_dual_firmware, webex_room_70_firmware, webex_room_70_dual_firmware, webex_room_70_dual_g2_firmware, webex_room_70_single_firmware, webex_room_70_single_g2_firmware, webex_room_kit_firmware, webex_room_kit_mini_firmware, ac_8260_firmware, ac_8265_firmware, ac_9260_firmware, ac_9560_firmware, killer_ac_1550_firmware, killer_wi-fi_6_ax1650_firmware, killer_wi-fi_6e_ax1675_firmware, proset_ac_3165_firmware, proset_ac_3168_firmware, proset_ac_8260_firmware, proset_ac_8265_firmware, proset_ac_9260_firmware, proset_ac_9461_firmware, proset_ac_9462_firmware, proset_ac_9560_firmware, proset_wi-fi_6_ax200_firmware, proset_wi-fi_6_ax201_firmware, proset_wi-fi_6e_ax210_firmware, proset_wireless_7265_\(rev_d\)_firmware, wi-fi_6_ax200_firmware, wi-fi_6_ax201_firmware

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
3.3
Impact score
2.9
Exploitability score
6.5
Vector string
AV:A/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-327

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter, websHostFilter, portForward, singlePortForward, and ipportFilter using subshell syntax or unfiltered parameters, with payloads persisting in NVRAM and re-executing on every subsequent firewall.cgi request.CVE-2026-41926
  2. WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter. Attackers can send a crafted request with shell metacharacters in the reboot_time parameter when reboot_enabled=1 to achieve remote code execution.CVE-2026-41925
  3. Transient DOS when processing target power rate tables during channel configuration.CVE-2025-47401
  4. Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.CVE-2025-47403
  5. In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after post_sendmsg() moved it to the batch list.CVE-2026-31608

References

Sources include official advisories and independent security research.