CVE-2019-18990

Published: Sep 30, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

Affected (4)

Products: Realtek: Rtl8812ar Firmware, Rtl8196d Firmware, Rtl8192er Firmware, Rtl8881an Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8812ar Firmware	Version 1.21ww

Running on/with	Platform Versions
Realtek Rtl8812ar	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8196d Firmware	Version 1.0.0

Running on/with	Platform Versions
Realtek Rtl8196d	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8192er Firmware	Version 2.10

Running on/with	Platform Versions
Realtek Rtl8192er	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8881an Firmware	Version 1.09

Running on/with	Platform Versions
Realtek Rtl8881an	All versions

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/

Source: cve@mitre.org

Third Party Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.