Lucene search

MitreCVELIST:CVE-2019-18990

HistorySep 30, 2020 - 5:26 p.m.

CVE-2019-18990

2020-09-3017:26:28

mitre

www.cve.org

realtek

authentication bypass

vulnerability

wireless devices

wpa2

data frame

encrypted frame

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

References

www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON

Related for CVELIST:CVE-2019-18990