CVE-2020-25853

Name of the Vulnerable Software and Affected Versions: Realtek RTL8195A Wi-Fi Module versions prior to 2.08

Description: The issue arises from the function CheckMic() not validating the size parameter for internal functions rt md5 hmac veneer() or rt hmac sha1 veneer(), resulting in a stack buffer over-read. This can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client by injecting a crafted packet into the WPA2 handshake, without needing to know the network's PSK.

Recommendations: For versions prior to 2.08, update to version 2.08 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable Wi-Fi clients to minimize the risk of exploitation. Avoid using the CheckMic() function until a patch is available.