
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
2021-02-04 00:36

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.

The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several sectors, such as agriculture, smart home, healthcare, gaming, and automotive.

Although the issues uncovered by Vdoo were verified only on RTL8195A, the researchers said they extend to other modules as well, including RTL8711AM, RTL8711AF, and RTL8710AF. The flaws are a mix of stack overflows and out-of-bounds reads that stem from the Wi-Fi module's WPA2 four-way handshake mechanism during authentication.

Chief among them is a buffer overflow vulnerability that permits an attacker in the proximity of an RTL8195 module to completely take over the module, without having to know the Wi-Fi network password and regardless of whether the module is acting as a Wi-Fi access point or client.

Two other flaws can be abused to stage a denial of service, while another set of three weaknesses, including CVE-2020-25854, could allow an attacker to exploit Wi-Fi client devices and execute arbitrary code.

"An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6," the company said in a security bulletin.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/DNXy7SyqTn4/critical-bugs-found-in-popular-realtek.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-02-03 | CVE-2020-25854 | Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware | 6.8

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service.

network, realtek, CWE-787
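
The missing size validation described for CVE-2020-25854, shown as the check a handshake parser would apply before decrypting key data. This is an added example, not Realtek's code: it assumes the size in question is the Key Data Length field of the EAPOL-Key descriptor (standard layout with a 16-byte MIC), and `dec_key_data_checked`, `demo_unwrap`, `demo_case` and the buffer sizes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_DATA_LEN_OFF 93  /* Key Data Length field in the EAPOL-Key descriptor body */
#define KEY_DATA_OFF     95  /* Key Data starts right after the 2-byte length */
#define DEMO_MAX         1024

/* Hypothetical stand-in for the RC4 / AES key-unwrap primitive: just copies n bytes. */
static void demo_unwrap(uint8_t *dst, const uint8_t *src, size_t n) {
    memcpy(dst, src, n);
}

/* Returns bytes written to out, or -1 when the frame is rejected. */
int dec_key_data_checked(const uint8_t *body, size_t body_len,
                         uint8_t *out, size_t out_cap) {
    if (!body || !out || body_len < KEY_DATA_OFF)
        return -1;                          /* fixed part of the descriptor is truncated */
    size_t klen = ((size_t)body[KEY_DATA_LEN_OFF] << 8) | body[KEY_DATA_LEN_OFF + 1];
    if (klen > body_len - KEY_DATA_OFF)
        return -1;                          /* length claims bytes that never arrived */
    if (klen > out_cap)
        return -1;                          /* would write past the destination buffer */
    demo_unwrap(out, body + KEY_DATA_OFF, klen);
    return (int)klen;
}

/* Builds a constructed frame body and runs the check; returns its result. */
int demo_case(uint16_t claimed_len, size_t payload_len, size_t out_cap) {
    static uint8_t body[KEY_DATA_OFF + DEMO_MAX];
    uint8_t out[DEMO_MAX];
    if (payload_len > DEMO_MAX || out_cap > DEMO_MAX)
        return -2;                          /* outside what this demo can build */
    memset(body, 0, sizeof body);
    body[KEY_DATA_LEN_OFF] = (uint8_t)(claimed_len >> 8);
    body[KEY_DATA_LEN_OFF + 1] = (uint8_t)(claimed_len & 0xff);
    memset(body + KEY_DATA_OFF, 0xAA, payload_len);
    return dec_key_data_checked(body, KEY_DATA_OFF + payload_len, out, out_cap);
}

int main(void) {
    printf("well-formed:        %d\n", demo_case(32, 32, 256));
    printf("oversized length:   %d\n", demo_case(600, 600, 256));
    printf("length > received:  %d\n", demo_case(64, 16, 256));
    return 0;
}
```

The two rejections correspond to the two bug classes the article names: a length larger than the destination buffer (out-of-bounds write) and a length larger than the received frame (out-of-bounds read).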

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Realtek 40 3 16 35 6 60