Synopsys has discovered a partial authentication bypass vulnerability in routers containing chipsets from Mediatek, Qualcomm, Zyxel and Realtek.
A team of researchers from Synopsys‘ Cybersecurity Research Center (CyRC) in Oulu, Finland have discovered a partial authentication bypass vulnerability in multiple wireless router chipsets from Mediatek, Qualcomm (Atheros), Zyxel and Realtek. The vulnerability, tracked as CVE-2019-18989, CVE-2019-18990 and CVE-2019-18991, affects Mediatek’s MT7620N chipset, Qualcomm’s AR9132, AR9283 and AR9285 chipsets and Realtek’s RTL8812AR, RTL8196D, RTL8881AN and RTL8192ER chipsets. However, Synopsys was unable to identify a comprehensive list of vulnerable devices and chipsets as numerous wireless routers are affected by this vulnerability. As part of its disclosure process, Synopsys engaged with all the manufacturers of the devices it tested.
