Professional Documents
Culture Documents
The Industry Consortium for Advancement of Security on the Internet (ICASI) recently
disclosed that a collection of new security vulnerabilities called FragAttacks
(fragmentation and aggregation attacks) could affect Wi-Fi devices. Some
vulnerabilities are widespread design flaws in the Wi-Fi standard or widespread
programming mistakes in Wi-Fi products.
Problems Resolved:
Implementation vulnerabilities that allow the trivial injection of plain text frames in a
protected Wi-Fi network are assigned the following CVEs:
• CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet
authenticated (should only affect APs).
• CVE-2020-26146: Reassembling encrypted fragments with non-consecutive
packet numbers.
• CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
• CVE-2020-26142: Processing fragmented frames as full frames.
• CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
DISCLAIMER: Please note that this is a device beta software, beta firmware, or hot-fix
release which is still undergoing final testing before its official release. The beta software,
beta firmware, or hot-fix is provided on an “as is” and “as available” basis and the user
assumes all risk and liability for use thereof. D-Link does not provide any warranties, whether
express or implied, as to the suitability or usability of the beta firmware. D-Link will not be
liable for any loss, whether such loss is direct, indirect, special or consequential, suffered by
any party as a result of their use of the beta firmware.