Multiple Wireless Router Chipsets Affected by Authentication Bypass Vulnerability

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112
Details of an authentication bypass vulnerability present in multiple wireless router chipsets have been set out in an advisory published by Synopsys CyRC. Referred to as CVE-2019-18989, CVE-2019-18990 and CVE-2019-18991, the vulnerability affects a variety of chipsets in different devices across three manufacturers: Mediatek, Qualcomm and Realtek.

Attackers can exploit the partial authentication bypass vulnerability by injecting packets into a WPA2-protected network without knowledge of the preshared key. These packets are subsequently routed through the network in the same way valid packets would be. While responses to the injected packets return encrypted, attackers can eventually find out if the injected packets successfully reached an active system because they have control of what is sent through the network.

Synopsys also detailed a proof-of-concept example, in which it opened a UDP port in the router’s NAT by injecting UDP packets into a vulnerable WPA2-protected network. It said an attacker-controlled host listening on a defined UDP port can then receive the packets when they pass through the public internet. This host can then use this opened UDP port to communicate back to the vulnerable network.

The Synopsys researchers explained: “An attacker can arbitrarily send unencrypted packets and receive encrypted responses. These unencrypted packets are sent from a spoofed MAC address. The vulnerable access point does not drop the plain-text packets and routes them to the network as though they were valid. Response is also received back, but that is encrypted. The only requirement is that there is another properly authenticated client connected to WPA2 network.” They added: “End users with access points that include the identified chipset and firmware versions are strongly encouraged to upgrade as quickly as possible or replace vulnerable access points with another access point.”
Full report by researchers: CyRC advisory: Authentication bypass vulnerabilities in multiple wireless router chipsets | Synopsys
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top