Vulnerabilities > CVE-2020-9395 - Out-of-bounds Write vulnerability in Realtek products

CVSS 8.0 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

high complexity

realtek

CWE-787

NVD

Published: 2020-07-06

Updated: 2021-07-21

Summary

An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer.

Vulnerable Configurations

Part	Description	Count
OS	Realtek Realtek Rtl8711Af Firmware * Realtek Rtl8711Am Firmware * Realtek Rtl8195Am Firmware - Realtek Rtl8710Af Firmware *	4
Hardware	Realtek Realtek Rtl8711Af - Realtek Rtl8711Am - Realtek Rtl8195Am - Realtek Rtl8710Af -	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09
https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014
https://www.amebaiot.com/en/security_bulletin/