CVE-2020-26143: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-26143 was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH, disclosed on May 11, 2021. The vulnerability affects WEP, WPA, WPA2, and WPA3 implementations that accept fragmented plaintext frames in a protected Wi-Fi network (FragAttacks, MITRE).

The vulnerability allows an adversary to inject arbitrary data frames independent of the network configuration by accepting fragmented plaintext frames in a protected Wi-Fi network. The issue has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

An attacker can abuse this vulnerability to inject arbitrary data frames into a protected Wi-Fi network, bypassing the network's security configuration. This could allow unauthorized access to network resources and potential manipulation of network traffic (FragAttacks).

Vendors have prepared security updates during a 9-month coordinated disclosure supervised by the Wi-Fi Alliance and ICASI. Users should ensure their devices have the latest security updates installed. For unpatched devices, using HTTPS for websites and keeping other security updates current can help mitigate some risks (FragAttacks).

The vulnerability was part of a larger set of Wi-Fi vulnerabilities dubbed 'FragAttacks' that received significant industry attention. Multiple vendors including Cisco, Arista, and Siemens have issued security advisories and patches for their affected products (Cisco Advisory, Arista Advisory).