CVE-2019-18989

Published: Sep 30, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

Affected (1)

Products: Mediatek: Mt7620n Firmware

1 product

Mt7620n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7620n Firmware	Version 1.06

Running on/with	Platform Versions
Mediatek Mt7620n	All versions

Related CWEs

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/

Source: cve@mitre.org

Third Party Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.