CVE-2020-26141 [Medium] | Security Vulnerability in Awus036h Firmware

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-14	0.32%	0.24%	-0.09%
2	2026-03-04	0.25%	0.32%	+0.07%
3	2026-03-01	—	0.25%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-04-14

0.32%

0.24%

-0.09%

2026-03-04

0.25%

0.32%

+0.07%

2026-03-01

—

0.25%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.5	3.1	MEDIUM	`CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` Click to expand Attack vector (AV:A) Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:N) Service keeps running; no real outage angle.	2.8	3.6	[email protected]
3.3	2.0	LOW	`AV:A/AC:L/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:A) Requires access to an adjacent network segment. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	6.5	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.5

3.1

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Click to expand

Attack vector (AV:A): Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N): Service keeps running; no real outage angle.

2.8

3.6

[email protected]

3.3

2.0

LOW

AV:A/AC:L/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:A): Requires access to an adjacent network segment.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

6.5

2.9

[email protected]

OS Trackers for CVE-2020-26141

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2020-26141 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2020-26141
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2020-26141
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2020-26141/
`ubuntu`	medium	CVE-2020-26141 medium priority: Ubuntu including 169 source packages (linux, linux-allwinner, …), 2181 status rows across 16 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1696, not-affected 217, released 205, ignored 47, needed 16.	https://ubuntu.com/security/CVE-2020-26141

Affected software / configurations for CVE-2020-26141

Vendor	Product	Version	Raw CPE
alfa	awus036h_firmware	6.1316.1209	cpe:2.3:o:alfa:awus036h_firmware:6.1316.1209:::::windows_10::
cisco	meraki_gr10_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_gr10_firmware::::::::
cisco	meraki_gr60_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_gr60_firmware::::::::
cisco	meraki_mr20_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr20_firmware::::::::
cisco	meraki_mr30h_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr30h_firmware::::::::
cisco	meraki_mr33_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr33_firmware::::::::
cisco	meraki_mr36_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr36_firmware::::::::
cisco	meraki_mr42_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr42_firmware::::::::
cisco	meraki_mr42e_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr42e_firmware::::::::
cisco	meraki_mr44_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr44_firmware::::::::
cisco	meraki_mr45_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr45_firmware::::::::
cisco	meraki_mr46_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr46_firmware::::::::
cisco	meraki_mr46e_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr46e_firmware::::::::
cisco	meraki_mr52_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr52_firmware::::::::
cisco	meraki_mr53_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr53_firmware::::::::
cisco	meraki_mr53e_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr53e_firmware::::::::
cisco	meraki_mr55_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr55_firmware::::::::
cisco	meraki_mr56_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr56_firmware::::::::
cisco	meraki_mr70_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr70_firmware::::::::
cisco	meraki_mr74_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr74_firmware::::::::
cisco	meraki_mr76_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr76_firmware::::::::
cisco	meraki_mr84_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr84_firmware::::::::
cisco	meraki_mr86_firmware	< 27.7.1	cpe:2.3:o:cisco:meraki_mr86_firmware::::::::
cisco	meraki_mr12_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr12_firmware::::::::
cisco	meraki_mr18_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr18_firmware::::::::
cisco	meraki_mr26_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr26_firmware::::::::
cisco	meraki_mr32_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr32_firmware::::::::
cisco	meraki_mr34_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr34_firmware::::::::
cisco	meraki_mr62_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr62_firmware::::::::
cisco	meraki_mr66_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr66_firmware::::::::
cisco	meraki_mr72_firmware	< 26.8.3	cpe:2.3:o:cisco:meraki_mr72_firmware::::::::
cisco	meraki_mx64w_firmware	< 17.0	cpe:2.3:o:cisco:meraki_mx64w_firmware::::::::
cisco	meraki_mx65w_firmware	< 17.0	cpe:2.3:o:cisco:meraki_mx65w_firmware::::::::
cisco	meraki_mx67w_firmware	< 17.0	cpe:2.3:o:cisco:meraki_mx67w_firmware::::::::
cisco	meraki_mx67cw_firmware	< 17.0	cpe:2.3:o:cisco:meraki_mx67cw_firmware::::::::
cisco	meraki_mx68w_firmware	< 17.0	cpe:2.3:o:cisco:meraki_mx68w_firmware::::::::
cisco	meraki_mx68cw_firmware	< 17.0	cpe:2.3:o:cisco:meraki_mx68cw_firmware::::::::
cisco	meraki_z3_firmware	< 17.0	cpe:2.3:o:cisco:meraki_z3_firmware::::::::
cisco	meraki_z3c_firmware	< 17.0	cpe:2.3:o:cisco:meraki_z3c_firmware::::::::
cisco	wireless_ip_phone_8821_firmware	< 11.0\(6\)sr2	cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware::::::::
cisco	ip_phone_6861_firmware	< 11.3\(5\)	cpe:2.3:o:cisco:ip_phone_6861_firmware::::::::
cisco	ip_phone_8861_firmware	< 11.3\(5\)	cpe:2.3:o:cisco:ip_phone_8861_firmware::::::3pcc::*
cisco	ip_phone_8861_firmware	< 14.1\(1\)	cpe:2.3:o:cisco:ip_phone_8861_firmware::::::::
cisco	ip_phone_8865_firmware	< 14.1\(1\)	cpe:2.3:o:cisco:ip_phone_8865_firmware::::::::
cisco	ip_conference_phone_8832_firmware	< 14.1\(1\)	cpe:2.3:o:cisco:ip_conference_phone_8832_firmware::::::::
cisco	webex_room_series_firmware	< 1.2\(0\)sr1	cpe:2.3:o:cisco:webex_room_series_firmware::::::::
cisco	webex_desk_series_firmware	< 1.2\(0\)sr1	cpe:2.3:o:cisco:webex_desk_series_firmware::::::::
cisco	webex_board_series_firmware	< 10.8.2.5	cpe:2.3:o:cisco:webex_board_series_firmware::::::::
cisco	webex_wireless_phone_860_firmware	< 1.4\(0\)	cpe:2.3:o:cisco:webex_wireless_phone_860_firmware::::::::
cisco	webex_wireless_phone_840_firmware	< 1.4\(0\)	cpe:2.3:o:cisco:webex_wireless_phone_840_firmware::::::::
siemens	6gk5778-1gy00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5778-1gy00-0ab0_firmware:-::::::m12:
siemens	6gk5778-1gy00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5778-1gy00-0aa0_firmware:-::::::m12:
siemens	6gk5721-1fc00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5721-1fc00-0aa0_firmware:-::::::rj45:
siemens	6gk5721-1fc00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5721-1fc00-0ab0_firmware:-::::::rj45:
siemens	6gk5722-1fc00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5722-1fc00-0aa0_firmware:-::::::rj45:
siemens	6gk5722-1fc00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5722-1fc00-0ab0_firmware:-::::::rj45:
siemens	6gk5722-1fc00-0ac0_firmware	—	cpe:2.3:o:siemens:6gk5722-1fc00-0ac0_firmware:-::::::rj45:
siemens	6gk5734-1fx00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5734-1fx00-0aa0_firmware:-::::::rj45:
siemens	6gk5734-1fx00-0aa6_firmware	—	cpe:2.3:o:siemens:6gk5734-1fx00-0aa6_firmware:-::::::rj45:
siemens	6gk5734-1fx00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5734-1fx00-0ab0_firmware:-::::::rj45:
siemens	6gk5734-1fx00-0ab6_firmware	—	cpe:2.3:o:siemens:6gk5734-1fx00-0ab6_firmware:-::::::rj45:
siemens	6gk5738-1gy00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5738-1gy00-0aa0_firmware:-::::::m12:
siemens	6gk5738-1gy00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5738-1gy00-0ab0_firmware:-::::::m12:
siemens	6gk5748-1fc00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5748-1fc00-0aa0_firmware:-::::::rj45:
siemens	6gk5748-1fc00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5748-1fc00-0ab0_firmware:-::::::rj45:
siemens	6gk5748-1gd00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5748-1gd00-0aa0_firmware:-::::::m12:
siemens	6gk5748-1gd00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5748-1gd00-0ab0_firmware:-::::::m12:
siemens	6gk5761-1fc00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5761-1fc00-0aa0_firmware:-::::::rj45:
siemens	6gk5761-1fc00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5761-1fc00-0ab0_firmware:-::::::rj45:
siemens	6gk5774-1fx00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5774-1fx00-0aa0_firmware:-::::::rj45:
siemens	6gk5774-1fx00-0aa6_firmware	—	cpe:2.3:o:siemens:6gk5774-1fx00-0aa6_firmware:-::::::rj45:
siemens	6gk5774-1fx00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5774-1fx00-0ab0_firmware:-::::::rj45:
siemens	6gk5774-1fx00-0ab6_firmware	—	cpe:2.3:o:siemens:6gk5774-1fx00-0ab6_firmware:-::::::rj45:
siemens	6gk5774-1fy00-0ta0_firmware	—	cpe:2.3:o:siemens:6gk5774-1fy00-0ta0_firmware:-::::::m12_ecc:
siemens	6gk5774-1fy00-0tb0_firmware	—	cpe:2.3:o:siemens:6gk5774-1fy00-0tb0_firmware:-::::::m12_ecc:
siemens	6gk5778-1gy00-0ta0_firmware	—	cpe:2.3:o:siemens:6gk5778-1gy00-0ta0_firmware:-::::::m12_ecc:
siemens	6gk5778-1gy00-0tb0_firmware	—	cpe:2.3:o:siemens:6gk5778-1gy00-0tb0_firmware:-::::::m12_ecc:
siemens	6gk5786-1fc00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5786-1fc00-0aa0_firmware:-::::::rj45:
siemens	6gk5786-1fc00-0ab0_firmware	—	cpe:2.3:o:siemens:6gk5786-1fc00-0ab0_firmware:-::::::rj45:
siemens	6gk5786-2fc00-0aa0_firmware	—	cpe:2.3:o:siemens:6gk5786-2fc00-0aa0_firmware:-::::::rj45:

References for CVE-2020-26141

URL	Tags
http://www.openwall.com/lists/oss-security/2021/05/11/12	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf	Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63	Third Party Advisory
https://www.fragattacks.com	Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-019200.html
https://cert-portal.siemens.com/productcert/html/ssa-913875.html

URL

CVE-2020-26141

Exploit prediction scoring system (EPSS) score for CVE-2020-26141

Common vulnerability scoring system (CVSS) metrics for CVE-2020-26141

Weakness enumeration for CVE-2020-26141

OS Trackers for CVE-2020-26141

Affected software / configurations for CVE-2020-26141

References for CVE-2020-26141