PT-2020-10032 · Realtek · Realtek Rtl8192Er+3
Published
2020-09-30
·
Updated
2021-07-21
·
CVE-2019-18990
CVSS v3.1
6.1
Medium
| Vector | AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:N |
Name of the Vulnerable Software and Affected Versions
Realtek RTL8812AR version 1.21WW
Realtek RTL8196D version 1.0.0
Realtek RTL8192ER version 2.10
Realtek RTL8881AN version 1.09
Description
A partial authentication bypass issue exists, allowing an attacker to send an unencrypted data frame to a WPA2-protected WLAN router. The packet is then routed through the network, and if successful, a response is sent back as an encrypted frame. This could enable an attacker to discern information or potentially modify data.
Recommendations
For Realtek RTL8812AR version 1.21WW, update to a newer version that contains a fix for this issue.
For Realtek RTL8196D version 1.0.0, update to a newer version that contains a fix for this issue.
For Realtek RTL8192ER version 2.10, update to a newer version that contains a fix for this issue.
For Realtek RTL8881AN version 1.09, update to a newer version that contains a fix for this issue.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Realtek Rtl8192Er
Realtek Rtl8196D
Realtek Rtl8812Ar
Realtek Rtl8881An