Vulnerabilities > Realtek > Rtl8195A Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2020-27301 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware and Rtl8710C Firmware
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.
low complexity
realtek CWE-787
8.0
2021-06-04 CVE-2020-27302 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware and Rtl8710C Firmware
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.
low complexity
realtek CWE-787
8.0
2021-02-03 CVE-2020-25857 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware
The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service.
network
low complexity
realtek CWE-787
7.5
2021-02-03 CVE-2020-25856 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service.
network
high complexity
realtek CWE-787
8.1
2021-02-03 CVE-2020-25855 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware
The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service.
network
high complexity
realtek CWE-787
8.1
2021-02-03 CVE-2020-25854 Out-of-bounds Write vulnerability in Realtek Rtl8195A Firmware
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service.
network
high complexity
realtek CWE-787
8.1
2021-02-03 CVE-2020-25853 Out-of-bounds Read vulnerability in Realtek Rtl8195A Firmware
The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service.
network
low complexity
realtek CWE-125
7.5