What is CVE-2019-18990?

CVE-2019-18990 is a partial authentication bypass vulnerability that exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices.

How does CVE-2019-18990 work?

CVE-2019-18990 allows an attacker to send an unencrypted data frame to a WPA2-protected WLAN router, bypassing partial authentication and potentially gaining unauthorized access.

What is the severity of CVE-2019-18990?

CVE-2019-18990 has a severity rating of medium, with a CVSS score of 5.4.

How can I fix CVE-2019-18990?

To mitigate CVE-2019-18990, apply the latest firmware updates provided by Realtek for the affected devices.

Vulnerability/
CVE-2019-18990

medium

6.1

CWE

290

30/9/2020

5/8/2024

CVE-2019-18990

First published: Wed Sep 30 2020(Updated: )

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Realtek Rtl8812ar Firmware	=1.21ww
Realtek RTL8812AR
Realtek Rtl8196d Firmware	=1.0.0
Realtek Rtl8196d
Realtek Rtl8192er Firmware	=2.10
Realtek Rtl8192er
Realtek Rtl8881an Firmware	=1.09
Realtek Rtl8881an

Never miss a vulnerability like this again

Reference Links

https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/

Frequently Asked Questions

What is CVE-2019-18990?
CVE-2019-18990 is a partial authentication bypass vulnerability that exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices.
How does CVE-2019-18990 work?
CVE-2019-18990 allows an attacker to send an unencrypted data frame to a WPA2-protected WLAN router, bypassing partial authentication and potentially gaining unauthorized access.
What is the severity of CVE-2019-18990?
CVE-2019-18990 has a severity rating of medium, with a CVSS score of 5.4.
Which devices are affected by CVE-2019-18990?
Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices are affected by CVE-2019-18990.
How can I fix CVE-2019-18990?
To mitigate CVE-2019-18990, apply the latest firmware updates provided by Realtek for the affected devices.

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/realtek
canonical/realtek rtl8812ar firmware
version/realtek rtl8812ar firmware/1.21ww
canonical/realtek rtl8812ar
canonical/realtek rtl8196d firmware
version/realtek rtl8196d firmware/1.0.0
canonical/realtek rtl8196d
canonical/realtek rtl8192er firmware
version/realtek rtl8192er firmware/2.10
canonical/realtek rtl8192er
canonical/realtek rtl8881an firmware
version/realtek rtl8881an firmware/1.09
canonical/realtek rtl8881an

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.