CVE-2019-18989
low-risk
Published 2020-09-30
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.
Do I need to act?
0.04% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.4/10 (Medium)
ADJACENT_NETWORK / LOW complexity
Affected Products (1)
Mt7620N Firmware
Affected Vendors
References
Third Party Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/
23 / 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal