Security News > 2021 > February > Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
Major vulnerabilities in the Realtek RTL8195A Wi-Fi module expose embedded devices used in a myriad of industries to remote attacks, researchers with automated device security platform provider Vdoo reveal.
The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security.
Tracked as CVE-2020-9395, the most severe of the flaws is a remotely exploitable stack overflow that could lead to a complete takeover of the module and the device's wireless communications.
The remaining three vulnerabilities are all stack-based buffer overflow issues that could lead to remote code execution, but exploitation requires the attacker to know the network's PSK. Thus, the use of a strong, private WPA2 passphrase should prevent exploitation of these bugs.
"An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer," Realtek explains.
Vdoo says all of these vulnerabilities have been addressed in the latest version of Ameba Arduino.
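The bug class in Realtek's description, an over-long key data field in an EAPOL-Key packet overflowing a stack buffer, is prevented by checking the Key Data Length field against both the bytes actually received and the destination buffer before copying. The C code below is an added example, not Realtek's or Vdoo's code: `copy_key_data`, `make_frame`, the 256-byte buffer size and the sample frames are assumptions constructed here, and the offsets assume the standard EAPOL-Key layout with a 16-byte MIC.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EAPOL_HDR_LEN    4   /* version, type, 2-byte big-endian body length */
#define EAPOL_TYPE_KEY   3
#define KEY_FIXED_LEN    95  /* key descriptor up to and including Key Data Length */
#define KEY_DATA_LEN_OFF (EAPOL_HDR_LEN + KEY_FIXED_LEN - 2)
#define KEY_DATA_OFF     (EAPOL_HDR_LEN + KEY_FIXED_LEN)
#define KEYDATA_BUF_MAX  256 /* assumption: size of the receiver's key data buffer */

enum { KD_OK = 0, KD_SHORT = -1, KD_NOT_KEY = -2, KD_BODY_LEN = -3, KD_OVERRUN = -4, KD_TOO_BIG = -5 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copy Key Data out of a received EAPOL-Key frame, rejecting any length
 * field that disagrees with the bytes received or with the destination. */
int copy_key_data(const uint8_t *frame, size_t frame_len,
                  uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (frame_len < KEY_DATA_OFF) return KD_SHORT;
    if (frame[1] != EAPOL_TYPE_KEY) return KD_NOT_KEY;
    size_t body_len = be16(frame + 2);
    if (body_len < KEY_FIXED_LEN || body_len > frame_len - EAPOL_HDR_LEN) return KD_BODY_LEN;
    size_t kd_len = be16(frame + KEY_DATA_LEN_OFF);
    if (kd_len > body_len - KEY_FIXED_LEN) return KD_OVERRUN; /* claims more than was sent */
    if (kd_len > out_cap) return KD_TOO_BIG;                  /* would overflow the buffer */
    memcpy(out, frame + KEY_DATA_OFF, kd_len);
    *out_len = kd_len;
    return KD_OK;
}

/* Constructed sample frame: `actual` filler bytes of key data, length field set to `declared`. */
size_t make_frame(uint8_t *buf, uint16_t declared, uint16_t actual)
{
    uint16_t body = (uint16_t)(KEY_FIXED_LEN + actual);
    memset(buf, 0, KEY_DATA_OFF);
    buf[0] = 2; buf[1] = EAPOL_TYPE_KEY; buf[4] = 2; /* 802.1X version, Key type, RSN descriptor */
    buf[2] = (uint8_t)(body >> 8); buf[3] = (uint8_t)body;
    buf[KEY_DATA_LEN_OFF] = (uint8_t)(declared >> 8); buf[KEY_DATA_LEN_OFF + 1] = (uint8_t)declared;
    memset(buf + KEY_DATA_OFF, 0xDD, actual);
    return (size_t)KEY_DATA_OFF + actual;
}

int main(void)
{
    uint8_t f[512], out[KEYDATA_BUF_MAX]; size_t n = 0;
    /* Length field says 300 bytes, frame carries 22: must be rejected. */
    return copy_key_data(f, make_frame(f, 300, 22), out, sizeof out, &n) == KD_OVERRUN ? 0 : 1;
}
```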
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-06 | CVE-2020-9395 | Out-of-bounds Write vulnerability in Realtek products An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. | 8.0 |