CVE-2021-27862

L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation

CVSS 4.7 MEDIUM | EPSS 0.6% | CWE-130 | CWE-290
In short

This vulnerability allows attackers to bypass network security filters (like IPv6 RA guard) by sending specially malformed frames that are converted from Ethernet to WiFi. An attacker on the network can send packets that appear legitimate to the filter but carry traffic the filter is meant to block.

Technical detail

The vulnerability lies in frame translation during Ethernet-to-WiFi conversion: frames carrying LLC/SNAP headers with an invalid length, optionally combined with stacked VLAN0 headers, can evade Layer 2 filtering mechanisms. The attack requires network access and relies on the device mishandling the malformed header fields during frame conversion, which can bypass RA guard and similar L2 security controls.

Summary generated and translated by AI from the official description.
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
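
As an added example (not part of the advisory or any vendor's code), the sketch below shows how a Layer 2 filter or capture tool can parse past every stacked VLAN tag and an 802.3 LLC/SNAP header to find the encapsulated EtherType, and flag a declared length that does not match the frame. The function name `inspect_frame`, the rule for what counts as an invalid length, the assumption that the FCS is already stripped, and the sample frames are all assumptions of this example.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}        # 802.1Q / 802.1ad tag protocol IDs
LLC_SNAP = bytes.fromhex("aaaa03")   # DSAP, SSAP, control that announce a SNAP header

def inspect_frame(frame: bytes) -> dict:
    """Classify one Ethernet frame (FCS assumed stripped).
    Raises struct.error if the frame is truncated inside the L2 headers."""
    off, vlan0 = 12, 0               # skip destination and source MAC
    (field,) = struct.unpack_from("!H", frame, off)
    while field in VLAN_TPIDS:       # walk every stacked tag, not only the first
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vlan0 += (tci & 0x0FFF) == 0 # VID 0 is a priority tag
        off += 4
        (field,) = struct.unpack_from("!H", frame, off)
    body = frame[off + 2:]
    res = {"vlan0_tags": vlan0, "llc_snap": False, "length_ok": True,
           "inner_ethertype": field, "suspicious": False}
    if field >= 0x0600:              # Ethernet II: the field is the EtherType
        return res
    # 802.3: the field is a length; the protocol is named in the SNAP header
    res["inner_ethertype"] = None
    # Extra bytes after the declared length are only normal as minimum-size padding
    res["length_ok"] = len(body) == field or (len(body) > field and len(frame) <= 60)
    if body[:3] == LLC_SNAP and len(body) >= 8:
        res["llc_snap"] = True
        (res["inner_ethertype"],) = struct.unpack_from("!H", body, 6)
        res["length_ok"] = res["length_ok"] and field >= 8  # LLC(3) + SNAP(5)
    res["suspicious"] = res["llc_snap"] and not res["length_ok"]
    return res

# Constructed sample frames (zero-filled payloads, made-up MAC addresses)
HDR = bytes.fromhex("333300000001" "020000000001")
SNAP_IPV6 = LLC_SNAP + bytes.fromhex("000000" "86dd")
PLAIN = HDR + b"\x86\xdd" + bytes(46)
VALID_SNAP = HDR + struct.pack("!H", 48) + SNAP_IPV6 + bytes(40)
ODD = HDR + bytes.fromhex("81000000") * 2 + struct.pack("!H", 4) + SNAP_IPV6 + bytes(40)

if __name__ == "__main__":
    for name, f in (("plain", PLAIN), ("valid_snap", VALID_SNAP), ("odd", ODD)):
        print(name, inspect_frame(f))
```

A filter that only compares the first type field against 0x86DD sees a VLAN tag or a length value on the last two samples; the parser above reports the inner EtherType for both, so the same RA guard decision can be applied to them.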
