Security Advisory
1) Input validation error
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-24586
CWE-ID: CWE-20 - Improper Input Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the 802.11 standard because the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from a previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and cause a denial of service (DoS).
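The cache behaviour described above, as an added example that is not vendor or advisory code: a simplified receive-side fragment cache for a single peer, where `flush_on_reassoc` set to 0 keeps incomplete fragments across reassociation and 1 discards them. All names (`frag_cache`, `on_reassoc`, `rx_fragment`) and the sample fragments are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 4
#define MSDU_MAX 256

/* One partially reassembled MSDU from one peer, keyed by sequence number. */
struct frag_entry { int used; uint16_t seq; uint8_t next_frag; size_t len; uint8_t data[MSDU_MAX]; };
struct frag_cache { struct frag_entry e[SLOTS]; int flush_on_reassoc; /* 1 = hardened */ };

/* Called when the peer reconnects or reassociates. */
void on_reassoc(struct frag_cache *c)
{
    if (c->flush_on_reassoc) memset(c->e, 0, sizeof c->e);  /* drop incomplete MSDUs */
}

/* Returns completed MSDU length (copied to out), 0 if cached, -1 if dropped. */
int rx_fragment(struct frag_cache *c, uint16_t seq, uint8_t frag, int more,
                const uint8_t *p, size_t n, uint8_t *out)
{
    struct frag_entry *m = NULL, *spare = NULL;
    for (int i = 0; i < SLOTS; i++) {
        if (c->e[i].used && c->e[i].seq == seq) m = &c->e[i];
        else if (!c->e[i].used && !spare) spare = &c->e[i];
    }
    if (frag == 0) {                         /* first fragment opens an entry */
        if (!m) m = spare;
        if (!m) return -1;                   /* cache full */
        memset(m, 0, sizeof *m);
        m->used = 1; m->seq = seq;
    } else if (!m || m->next_frag != frag) {
        return -1;                           /* no matching partial MSDU */
    }
    if (m->len + n > MSDU_MAX) { m->used = 0; return -1; }
    memcpy(m->data + m->len, p, n);
    m->len += n; m->next_frag++;
    if (more) return 0;                      /* wait for further fragments */
    memcpy(out, m->data, m->len);
    m->used = 0;
    return (int)m->len;
}

int main(void)
{   /* constructed input: fragment 0 before reassociation, fragment 1 after */
    struct frag_cache c = {0}; uint8_t out[MSDU_MAX];
    rx_fragment(&c, 7, 0, 1, (const uint8_t *)"OLD-", 4, out);
    on_reassoc(&c);
    printf("%d\n", rx_fragment(&c, 7, 1, 0, (const uint8_t *)"new", 3, out));
    return 0;
}
```

With `flush_on_reassoc` left at 0, the fragment received after reassociation completes an MSDU that still contains the earlier session's data; with it set to 1, that fragment is dropped because no partial entry survives.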
Mitigation
Install updates from vendor's website.
Vulnerable software versions
WAH7706: All versions
LTE4506-M606: All versions
USG60W: All versions
USG40W: All versions
WX3310-B0: before 1.00(ABSF.2)C0
WRE6605: All versions
WRE6602: All versions
WRE6505 v2: All versions
WRE2206: All versions
WAP6806: All versions
WAP6804: All versions
WAP3205 v3: All versions
NWD6605: All versions
NWD6602: All versions
NWD6505: All versions
NBG7815 (Armor G5): All versions
NBG6818 (Armor G1): All versions
NBG6817 (Armor Z2): All versions