Authentication flaw

2020-09-3018:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

CPENameOperatorVersion
rtl8192er_firmwareeq2.10
rtl8196d_firmwareeq1.0.0
rtl8812ar_firmwareeq1.21.0-ww
rtl8881an_firmwareeq1.09

Name	Operator	Version
rtl8192er_firmware	eq	2.10
rtl8196d_firmware	eq	1.0.0
rtl8812ar_firmware	eq	1.21.0-ww
rtl8881an_firmware	eq	1.09

References

www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/