PT-2020-20632 · Realtek · Rtl8711Am+3
Published
2020-07-06
·
Updated
2021-07-21
·
CVE-2020-9395
CVSS v3.1
8.0
High
| Vector | AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Realtek RTL8195AM versions prior to 2.0.6
Realtek RTL8711AM versions prior to 2.0.6
Realtek RTL8711AF versions prior to 2.0.6
Realtek RTL8710AF versions prior to 2.0.6
Description
A stack-based buffer overflow issue exists in the client code handling WPA2's 4-way-handshake. This occurs via a malformed EAPOL-Key packet with a long
keydata buffer.Recommendations
For Realtek RTL8195AM versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.
For Realtek RTL8711AM versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.
For Realtek RTL8711AF versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.
For Realtek RTL8710AF versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.
As a temporary workaround, consider restricting access to the WPA2 4-way-handshake functionality until a patch is available.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rtl8195Am
Rtl8710Af
Rtl8711Af
Rtl8711Am