PT-2020-10033 · Wi Fi Alliance+2 · Wpa2+4

Published: 2020-09-30 · Updated: 2021-07-21 · CVE-2019-18991

CVSS v3.1: 6.1 (Medium)

Vector: AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

Atheros AR9132 version 3.60(AMX.8)
Atheros AR9283 version 1.85
Atheros AR9285 version 1.0.0.12NA

Description

A partial authentication bypass issue exists, allowing an attacker to send an unencrypted data frame to a WPA2-protected WLAN router. The packet is routed through the network, and if successful, a response is sent back as an encrypted frame. This could enable an attacker to discern information or potentially modify data.

Recommendations

For Atheros AR9132 version 3.60(AMX.8), consider restricting access to the network until a fix is available.
For Atheros AR9283 version 1.85, avoid using WPA2 protection until the issue is resolved.
For Atheros AR9285 version 1.0.0.12NA, as a temporary workaround, consider disabling the WLAN router's routing of unencrypted frames until a patch is available.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2019-18991

Affected Products

Atheros Ar9132
Atheros Ar9283
Atheros Ar9285
Wlan
Wpa2