Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-18991

Опубликовано: 30 сент. 2020
Источник: nvd
CVSS3: 6.1
CVSS3: 5.4
CVSS2: 4.8
EPSS Низкий

Описание

A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:qualcomm:atheros_ar9132_firmware:3.60\(amx.8\):*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:atheros_ar9132:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:qualcomm:atheros_ar9283_firmware:1.85:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:atheros_ar9283:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:qualcomm:atheros_ar9285_firmware:1.0.0.12na:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:atheros_ar9285:-:*:*:*:*:*:*:*

EPSS

Процентиль: 10%
0.00036
Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-290

Связанные уязвимости

github логотип

GHSA-qm32-jcf4-2654

github
больше 3 лет назад

A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

EPSS

Процентиль: 10%
0.00036
Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-290