MidnightBSD

Advisories for alfa

CVE-2020-26140 LOW

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
intel ac_8265_firmware -
cisco ir829gw-lte-ga-ek9_firmware -
intel proset_ac_3168_firmware -
siemens scalance_w761-1_firmware -
cisco catalyst_9115axi_firmware -
siemens scalance_w1788-2_firmware -
cisco aironet_1702_firmware -
cisco ip_phone_8821_firmware -
cisco meraki_mx67w_firmware -
cisco catalyst_iw6300_dc_firmware -
cisco catalyst_9117_firmware -
alfa awus036h_firmware 6.1316.1209
arista c-230_firmware -
siemens scalance_w721-1_firmware -
cisco meraki_mr52_firmware -
arista c-250_firmware -
cisco meraki_mr45_firmware -
siemens scalance_w774-1_firmware -
intel wi-fi_6_ax201_firmware -
arista o-105_firmware -
arista c-260_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mr86_firmware -
cisco aironet_2800_firmware -
cisco meraki_mr74_firmware -
cisco meraki_mx68w_firmware -
cisco meraki_mr84_firmware -
cisco aironet_1810_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
intel ac_8260_firmware -
arista c-100_firmware -
arista c-235_firmware -
intel proset_ac_9560_firmware -
cisco aironet_3800e_firmware -
cisco ip_phone_8832_firmware -
cisco catalyst_9124axi_firmware -
cisco meraki_mr53e_firmware -
siemens scalance_w722-1_firmware -
cisco meraki_mr26_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco aironet_1552_firmware -
siemens scalance_w788-1_firmware -
cisco aironet_2800i_firmware -
cisco webex_room_70_firmware -
cisco webex_dx80_firmware -
cisco webex_room_70_single_firmware -
intel proset_ac_9461_firmware -
cisco catalyst_9105_firmware -
siemens scalance_wum766-1_firmware -
intel proset_ac_3165_firmware -
siemens scalance_wum766-1_6ghz_firmware -
cisco meraki_mr44_firmware -
cisco webex_room_55_dual_firmware -
cisco ir829-2lte-ea-ak9_firmware -
siemens scalance_w748-1_firmware -
cisco 1109-2p_firmware -
cisco webex_dx70_firmware -
siemens scalance_w786-2ia_firmware -
cisco meraki_z3_firmware -
arista o-90_firmware -
cisco meraki_z3c_firmware -
cisco aironet_1560_firmware -
cisco webex_room_kit_firmware -
cisco meraki_mr12_firmware -
cisco webex_board_55s_firmware -
cisco meraki_mx68cw_firmware -
cisco webex_board_55_firmware -
cisco catalyst_9105axi_firmware -
cisco ir829gw-lte-vz-ak9_firmware -
cisco esw6300_firmware -
intel proset_ac_8260_firmware -
siemens scalance_w1788-2ia_firmware -
cisco meraki_mx64w_firmware -
cisco catalyst_9130_firmware -
siemens scalance_wam766-1_firmware -
cisco ir829gw-lte-na-ak9_firmware -
cisco meraki_gr60_firmware -
siemens scalance_w734-1_firmware -
cisco 1101-4p_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco aironet_1815_firmware -
cisco aironet_1832_firmware -
cisco aironet_1815i_firmware -
cisco meraki_mr42e_firmware -
cisco meraki_mr76_firmware -
cisco aironet_2702_firmware -
cisco catalyst_9115_firmware -
cisco meraki_mr66_firmware -
cisco meraki_mx67cw_firmware -
cisco ip_phone_8861_firmware -
cisco catalyst_9120_firmware -
siemens scalance_w788-2_firmware -
cisco webex_room_kit_mini_firmware -
arista w-118_firmware -
arista c-75_firmware -
cisco meraki_gr10_firmware -
cisco webex_room_70_single_g2_firmware -
cisco esw-6300-con-x-k9_firmware -
cisco ip_phone_6861_firmware -
cisco aironet_1542i_firmware -
cisco catalyst_9120axe_firmware -
cisco meraki_mr32_firmware -
intel proset_ac_9260_firmware -
cisco 1100-8p_firmware -
cisco aironet_3800_firmware -
cisco webex_room_70_dual_firmware -
intel killer_ac_1550_firmware -
cisco aironet_1572_firmware -
siemens scalance_w738-1_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
intel wi-fi_6_ax200_firmware -
cisco catalyst_iw6300_ac_firmware -
cisco aironet_1562d_firmware -
siemens scalance_w778-1_firmware -
cisco ip_phone_8865_firmware -
cisco catalyst_9117_ap_firmware -
cisco webex_room_55_firmware -
cisco meraki_mr20_firmware -
cisco meraki_mr46e_firmware -
intel ac_9560_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco catalyst_9115axe_firmware -
cisco 1100-4p_firmware -
intel proset_ac_8265_firmware -
siemens scalance_wum763-1_firmware -
cisco aironet_ap803_firmware -
intel ac_9260_firmware -
cisco aironet_3800p_firmware -
cisco meraki_mr42_firmware -
cisco webex_board_70s_firmware -
intel proset_wireless_7265_(rev_d)_firmware -
cisco webex_board_85s_firmware -
cisco aironet_1562e_firmware -
siemens scalance_w1788-1_firmware -
cisco catalyst_9124_firmware -
cisco aironet_1532_firmware -
intel proset_wi-fi_6_ax201_firmware -
arista w-68_firmware -
arista c-200_firmware -
cisco aironet_2800e_firmware -
arista c-110_firmware -
cisco meraki_mr72_firmware -
cisco meraki_mr30h_firmware -
siemens scalance_w786-2_firmware -
cisco catalyst_9120axp_firmware -
cisco aironet_1542d_firmware -
siemens scalance_w786-1_firmware -
cisco aironet_3702_firmware -
cisco catalyst_9115_ap_firmware -
cisco catalyst_9124axd_firmware -
cisco catalyst_9130axi_firmware -
cisco webex_board_70_firmware -
cisco meraki_mr33_firmware -
siemens scalance_wam763-1_firmware -
siemens scalance_wam766-1_6ghz_firmware -
cisco catalyst_9120_ap_firmware -
cisco 1100_firmware -
cisco meraki_mr70_firmware -
cisco catalyst_9117axi_firmware -
arista c-120_firmware -
cisco aironet_1810w_firmware -
cisco meraki_mr56_firmware -
cisco catalyst_9130axe_firmware -
cisco meraki_mr55_firmware -
siemens scalance_w1748-1_firmware -
cisco aironet_1842_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
arista c-130_firmware -
cisco aironet_1852_firmware -
cisco aironet_3800i_firmware -
intel proset_ac_9462_firmware -
cisco aironet_1800i_firmware -
siemens scalance_w1750d_firmware -
intel proset_wi-fi_6e_ax210_firmware -
cisco aironet_iw3702_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco meraki_mr62_firmware -
intel proset_wi-fi_6_ax200_firmware -
cisco catalyst_iw6300_firmware -
arista c-65_firmware -
cisco meraki_mr46_firmware -
cisco meraki_mr36_firmware -
cisco meraki_mr53_firmware -
cisco meraki_mr34_firmware -
cisco aironet_1552h_firmware -
cisco catalyst_9105axw_firmware -
cisco catalyst_9130_ap_firmware -
cisco aironet_4800_firmware -
cisco meraki_mx65w_firmware -
cisco catalyst_9120axi_firmware -
cisco aironet_1800_firmware -
cisco catalyst_iw6300_dcw_firmware -
cisco 1109-4p_firmware -
cisco aironet_1562i_firmware -
CVE-2020-26141 LOW

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-354,

Products Affected

Vendor Product Version
siemens 6gk5788-1fc00-0ab0_firmware -
siemens 6gk5786-1fc00-0aa0_firmware -
cisco meraki_gr60_firmware *
cisco meraki_mr20_firmware *
cisco webex_room_series_firmware *
siemens 6gk5774-1fx00-0ab6_firmware -
siemens 6gk5786-2hc00-0aa0_firmware -
cisco meraki_mr86_firmware *
cisco meraki_mr42e_firmware *
siemens 6gk5748-1gd00-0aa0_firmware -
cisco meraki_mr46e_firmware *
cisco meraki_mr74_firmware *
siemens 6gk5774-1fy00-0tb0_firmware -
cisco meraki_mr52_firmware *
siemens 6gk5738-1gy00-0ab0_firmware -
cisco meraki_mr53_firmware *
cisco meraki_z3_firmware *
siemens 6gk5761-1fc00-0ab0_firmware -
cisco meraki_mr66_firmware *
cisco meraki_mx65w_firmware *
cisco meraki_z3c_firmware *
siemens 6gk5748-1fc00-0ab0_firmware -
alfa awus036h_firmware 6.1316.1209
cisco webex_wireless_phone_840_firmware *
siemens 6gk5778-1gy00-0tb0_firmware -
siemens 6gk5786-2fc00-0aa0_firmware -
siemens 6gk5788-2gd00-0ta0_firmware -
cisco meraki_mr84_firmware *
cisco ip_phone_8865_firmware *
siemens 6gk5774-1fy00-0ta0_firmware -
cisco meraki_mr36_firmware *
cisco ip_conference_phone_8832_firmware *
cisco meraki_mr18_firmware *
cisco meraki_mx68w_firmware *
siemens 6gk5774-1fx00-0aa0_firmware -
cisco meraki_mr26_firmware *
siemens 6gk5722-1fc00-0ab0_firmware -
siemens 6gk5774-1fx00-0ab0_firmware -
siemens 6gk5778-1gy00-0ta0_firmware -
cisco meraki_mx67cw_firmware *
siemens 6gk5722-1fc00-0ac0_firmware -
cisco meraki_mr32_firmware *
cisco meraki_gr10_firmware *
siemens 6gk5786-2fc00-0ab0_firmware -
siemens 6gk5748-1gd00-0ab0_firmware -
siemens 6gk5788-1fc00-0aa0_firmware -
cisco meraki_mr44_firmware *
cisco meraki_mx67w_firmware *
siemens 6gk5788-2fc00-0ac0_firmware -
siemens 6gk5788-2gd00-0tb0_firmware -
cisco webex_board_series_firmware *
siemens 6gk5788-2fc00-0ab0_firmware -
cisco ip_phone_8861_firmware *
siemens 6gk5788-2gd00-0ab0_firmware -
cisco meraki_mr55_firmware *
cisco meraki_mr70_firmware *
siemens 6gk5788-2fc00-0aa0_firmware -
cisco meraki_mr30h_firmware *
siemens 6gk5786-2hc00-0ab0_firmware -
cisco meraki_mx68cw_firmware *
cisco meraki_mr46_firmware *
cisco wireless_ip_phone_8821_firmware *
siemens 6gk5734-1fx00-0aa6_firmware -
siemens 6gk5778-1gy00-0aa0_firmware -
siemens 6gk5788-1gd00-0aa0_firmware -
cisco meraki_mr34_firmware *
cisco meraki_mr45_firmware *
siemens 6gk5774-1fx00-0aa6_firmware -
siemens 6gk5721-1fc00-0ab0_firmware -
siemens 6gk5722-1fc00-0aa0_firmware -
cisco meraki_mr33_firmware *
siemens 6gk5788-2gd00-0aa0_firmware -
cisco meraki_mr72_firmware *
cisco meraki_mr76_firmware *
siemens 6gk5734-1fx00-0aa0_firmware -
cisco meraki_mr56_firmware *
siemens 6gk5734-1fx00-0ab0_firmware -
siemens 6gk5788-1gd00-0ab0_firmware -
cisco webex_wireless_phone_860_firmware *
siemens 6gk5721-1fc00-0aa0_firmware -
siemens 6gk5788-2gd00-0tc0_firmware -
cisco meraki_mx64w_firmware *
cisco ip_phone_6861_firmware *
siemens 6gk5761-1fc00-0aa0_firmware -
siemens 6gk5734-1fx00-0ab6_firmware -
cisco meraki_mr42_firmware *
cisco webex_desk_series_firmware *
siemens 6gk5786-2fc00-0ac0_firmware -
siemens 6gk5786-1fc00-0ab0_firmware -
cisco meraki_mr53e_firmware *
siemens 6gk5738-1gy00-0aa0_firmware -
siemens 6gk5748-1fc00-0aa0_firmware -
cisco meraki_mr12_firmware *
siemens 6gk5778-1gy00-0ab0_firmware -
cisco meraki_mr62_firmware *
CVE-2020-26143 LOW

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
arista c-75_firmware -
arista c-65_firmware -
arista o-90_firmware -
siemens scalance_w700_ieee_802.11n_firmware *
alfa awus036h_firmware 1030.36.604
arista w-68_firmware -
CVE-2025-29046

Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
alfa wifi_camppro_firmware 2.29
CVE-2025-29047

Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
alfa wifi_camppro_firmware 2.29
CVE-2025-45846

ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
alfa aip-w512_firmware 3.2.2.2.3
CVE-2025-45847

ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
alfa aip-w512_firmware 3.2.2.2.3