Vulnerabilities > Realtek > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2020-25856 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service.
network
high complexity
realtek CWE-787
8.1
2021-02-03 CVE-2020-25855 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware
The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service.
network
high complexity
realtek CWE-787
8.1
2021-02-03 CVE-2020-25854 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service.
network
high complexity
realtek CWE-787
8.1
2021-02-03 CVE-2020-25853 Out-of-bounds Read vulnerability in Realtek Rtl8195A Firmware
The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service.
network
low complexity
realtek CWE-125
7.5
2020-07-06 CVE-2020-9395 Out-of-bounds Write vulnerability in Realtek products
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6.
high complexity
realtek CWE-787
8.0
2020-06-08 CVE-2020-12773 Unspecified vulnerability in Realtek Adsl Router SOC Firmware
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.
network
low complexity
realtek
8.8
2020-01-27 CVE-2019-19823 Insufficiently Protected Credentials vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file.
7.5
2020-01-27 CVE-2019-19822 Missing Authentication for Critical Function vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords).
7.5
2017-11-13 CVE-2017-3767 Unspecified vulnerability in Realtek Audio Driver Firmware
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products.
local
low complexity
realtek
7.8