Vulnerability
CVE-2020-24588
Component: WIFI
Location: OS
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
Impact
Severity (Manufact.)
HIGH
Severity (NIST)
3.5
Severity (Android)
N/A
Chipsets
12
Devices
514
Affected Hardware
| Name | Also known as | Manufacturer |
|---|---|---|
| MSM8917 | Snapdragon 425 | Qualcomm |
| MSM8953 | Snapdragon 625 | Qualcomm |
| SDM636 | Snapdragon 636 | Qualcomm |
| SM6150 | Snapdragon 675 | Qualcomm |
| SM7325 | Snapdragon 778G | Qualcomm |
| MSM8994 | Snapdragon 810 | Qualcomm |
| SM8350 | Snapdragon 888 | Qualcomm |
| SC8180 | Snapdragon 8c | Qualcomm |
| SC8180X | Snapdragon 8cx | Qualcomm |
| MSM8909w | Wear 2100 Wear 2500 Wear 3100 | Qualcomm |
12 of 12 row(s) shown.
Rows per page
Page 1 of 2
Information reliability
The information on this website is intended to provide information on the big picture of chipset security and measure trends within the industry. Our information is obtained from several vantage points, checked for consistency, and automatically cross-referenced. However, this process may not always yield reliable information. Do not use the information on a particular vulnerability, chipset or device to verify your individual exposure in cases where inaccuracies are inacceptable, for instance to assess risks if you are a Politically Exposed Person.
Timeline
Introduced (est):
Jul 1, 2014
Reported:
Dec 13, 2020
Advisory Published:
Aug 2, 2021
CVE Published:
May 11, 2021
Android Patch Level:
Oct 2021
