Details of VAR-202009-0518

ID

VAR-202009-0518

CVE

CVE-2019-18989

TITLE

Mediatek MT7620N Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016049

DESCRIPTION

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. Mediatek MT7620N Contains an authentication vulnerability.Information may be obtained and information may be tampered with. Mediatek MT7620N is an IEEE802.11n on-chip routing chip of China MediaTek

Trust: 2.16

sources: NVD: CVE-2019-18989 // JVNDB: JVNDB-2019-016049 // CNVD: CNVD-2021-18268

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-18268

AFFECTED PRODUCTS

vendor:	mediatek	model:	mt7620n	scope:	eq	version:	1.06	Trust: 1.6
vendor:	メディアテック	model:	mt7620n	scope:	eq	version:	-	Trust: 0.8
vendor:	メディアテック	model:	mt7620n	scope:	eq	version:	mt7620n firmware 1.06	Trust: 0.8

sources: CNVD: CNVD-2021-18268 // JVNDB: JVNDB-2019-016049 // NVD: CVE-2019-18989

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18989
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2019-18989
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-18989
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-18268
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202009-1700
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-18989
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-18268
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-18989
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-18989
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	CVE-2019-18989
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-18268 // JVNDB: JVNDB-2019-016049 // CNNVD: CNNVD-202009-1700 // NVD: CVE-2019-18989 // NVD: CVE-2019-18989

PROBLEMTYPE DATA

problemtype:	CWE-290	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-016049 // NVD: CVE-2019-18989

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1700

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202009-1700

PATCH

title:	MT7620N/A	url:	https://www.mediatek.jp/products/mt7620n-a	Trust: 0.8
title:	Patch for Mediatek MT7620N authentication bypass vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/253471	Trust: 0.6
title:	Mediatek MT7620N Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129682	Trust: 0.6

sources: CNVD: CNVD-2021-18268 // JVNDB: JVNDB-2019-016049 // CNNVD: CNNVD-202009-1700

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18989	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-016049	Trust: 0.8
db:	CNVD	id:	CNVD-2021-18268	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-1700	Trust: 0.6

sources: CNVD: CNVD-2021-18268 // JVNDB: JVNDB-2019-016049 // CNNVD: CNNVD-202009-1700 // NVD: CVE-2019-18989

REFERENCES

url:	https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18989	Trust: 2.0

sources: CNVD: CNVD-2021-18268 // JVNDB: JVNDB-2019-016049 // CNNVD: CNNVD-202009-1700 // NVD: CVE-2019-18989

SOURCES

db:	CNVD	id:	CNVD-2021-18268
db:	JVNDB	id:	JVNDB-2019-016049
db:	CNNVD	id:	CNNVD-202009-1700
db:	NVD	id:	CVE-2019-18989

LAST UPDATE DATE

2024-08-14T14:18:50.981000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-18268	date:	2021-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-016049	date:	2021-04-21T06:39:00
db:	CNNVD	id:	CNNVD-202009-1700	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2019-18989	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-18268	date:	2021-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-016049	date:	2021-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202009-1700	date:	2020-09-30T00:00:00
db:	NVD	id:	CVE-2019-18989	date:	2020-09-30T18:15:17.317