CVE-2021-27854

Published: Sep 27, 2022Modified: Nov 4, 2025

4.7

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.

Affected (2)

Products: Ieee: Ieee 802.2 · Ietf: P802.1q

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ieee Ieee 802.2	Up to 802.2h-1997

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ietf P802.1q	Up to d1.0

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (11)

https://blog.champtar.fr/VLAN0_LLC_SNAP/

Source: cret@cert.org

https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

Source: cret@cert.org

Vendor Advisory

https://kb.cert.org/vuls/id/855201

Source: cret@cert.org

https://standards.ieee.org/ieee/802.1Q/10323/

Source: cret@cert.org

Vendor Advisory

https://standards.ieee.org/ieee/802.2/1048/

Source: cret@cert.org

Vendor Advisory

https://blog.champtar.fr/VLAN0_LLC_SNAP/