CVE-2020-26139
Advisory lineage Upstream: 0 Downstream: 33
Modified
Published: 11 May 2021, 19:37
Last modified:14 Apr 2026, 08:49
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.3 MEDIUM
v3.1 (nvd)
EPSS Score
2.25% LOW
2% probability +1.84%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 May 2021, 19:37
Published
Vulnerability first disclosed
14 Apr 2026, 08:49
Last Modified
Vulnerability information updated
Description
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•LOW•Score: 2.9AV:A/AC:M/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 2.25%• Percentile: 85%
Techniques & Countermeasures
- CWE-287•Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Systems
- arista•c-100_firmware
na
- arista•c-110_firmware
na
- arista•c-120_firmware
na
- arista•c-130_firmware
na
- arista•c-200_firmware
na
- arista•c-230_firmware
na
- arista•c-235_firmware
na
- arista•c-250_firmware
na
- arista•c-260_firmware
na
- arista•c-65_firmware
na
- arista•c-75_firmware
na
- arista•o-105_firmware
na
- arista•o-90_firmware
na
- arista•w-118_firmware
na
- arista•w-68_firmware
na
- cisco•1100_firmware
na
- cisco•1100-4p_firmware
na
- cisco•1100-8p_firmware
na
- cisco•1101-4p_firmware
na
- cisco•1109-2p_firmware
na
- cisco•1109-4p_firmware
na
- cisco•aironet_1532_firmware
na
- cisco•aironet_1542d_firmware
na
- cisco•aironet_1542i_firmware
na
- cisco•aironet_1552_firmware
na
- cisco•aironet_1552h_firmware
na
- cisco•aironet_1572_firmware
na
- cisco•aironet_1702_firmware
na
- cisco•aironet_1800_firmware
na
- cisco•aironet_1800i_firmware
na
- cisco•aironet_1810_firmware
na
- cisco•aironet_1810w_firmware
na
- cisco•aironet_1815_firmware
na
- cisco•aironet_1815i_firmware
na
- cisco•aironet_1832_firmware
na
- cisco•aironet_1842_firmware
na
- cisco•aironet_1852_firmware
na
- cisco•aironet_2702_firmware
na
- cisco•aironet_2800_firmware
na
- cisco•aironet_2800e_firmware
na
- cisco•aironet_2800i_firmware
na
- cisco•aironet_3702_firmware
na
- cisco•aironet_3800_firmware
na
- cisco•aironet_3800e_firmware
na
- cisco•aironet_3800i_firmware
na
- cisco•aironet_3800p_firmware
na
- cisco•aironet_4800_firmware
na
- cisco•aironet_ap803_firmware
na
- cisco•aironet_iw3702_firmware
na
- cisco•catalyst_9105_firmware
na
Showing first 50 affected entries in server-rendered view.
References (10)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html