CVE-2019-18990
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/09/2020
Last modified:
21/07/2021
Description
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
4.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:realtek:rtl8812ar_firmware:1.21ww:*:*:*:*:*:*:* | ||
| cpe:2.3:h:realtek:rtl8812ar:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:realtek:rtl8196d_firmware:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:realtek:rtl8196d:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:realtek:rtl8192er_firmware:2.10:*:*:*:*:*:*:* | ||
| cpe:2.3:h:realtek:rtl8192er:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:realtek:rtl8881an_firmware:1.09:*:*:*:*:*:*:* | ||
| cpe:2.3:h:realtek:rtl8881an:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page