CVE-2020-25854

Name of the Vulnerable Software and Affected Versions: Realtek RTL8195A Wi-Fi Module versions prior to 2.08

Description: The issue concerns a stack buffer overflow in the DecWPA2KeyData() function, which can be exploited for remote code execution or denial of service. This can occur when an attacker impersonates an Access Point and injects a crafted packet into the WPA2 handshake, requiring knowledge of the network's PSK to exploit. The rt arc4 crypt veneer() or AES UnWRAP veneer() internal functions are involved in the vulnerability.

Recommendations: For versions prior to 2.08, update to a version released in April 2020 or later to resolve the issue. As a temporary workaround, consider restricting access to the Wi-Fi network to minimize the risk of exploitation. Avoid using the vulnerable Wi-Fi module until a patch is available.