Vulnerabilities > Realtek
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-08 | CVE-2020-23539 | NULL Pointer Dereference vulnerability in Realtek Rtl8723De Firmware An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. | 7.8 |
2021-03-25 | CVE-2021-27372 | Insufficiently Protected Credentials vulnerability in Realtek Xpon Rtl9601D Software Development KIT 1.9 Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. | 10.0 |
2021-02-03 | CVE-2020-25857 | Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. | 5.0 |
2021-02-03 | CVE-2020-25856 | Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. | 6.8 |
2021-02-03 | CVE-2020-25855 | Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. | 6.8 |
2021-02-03 | CVE-2020-25854 | Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. | 6.8 |
2021-02-03 | CVE-2020-25853 | Out-of-bounds Read vulnerability in Realtek Rtl8195A Firmware The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. | 5.0 |
2020-09-30 | CVE-2019-18990 | Improper Authentication vulnerability in Realtek products A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. | 4.8 |
2020-07-06 | CVE-2020-9395 | Classic Buffer Overflow vulnerability in Realtek products An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. | 4.9 |
2020-06-08 | CVE-2020-12773 | Unspecified vulnerability in Realtek Adsl Router SOC Firmware A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool. | 6.5 |