PT-2021-11189 · Realtek · Realtek Rtl8195A Wi-Fi Module

Published

2021-02-03

Updated

2021-02-08

CVE-2020-25856

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Realtek RTL8195A Wi-Fi Module versions prior to 2.08

Description: The issue concerns a stack buffer overflow in the DecWPA2KeyData() function, which can be exploited for remote code execution or denial of service. This can occur when an attacker impersonates an Access Point and injects a crafted packet into the WPA2 handshake, requiring knowledge of the network's PSK to exploit. The rtl memcpy() operation is involved, lacking size parameter validation.

Recommendations: For versions prior to 2.08, update to a version released in April 2020 or later to resolve the issue. As a temporary workaround, consider restricting access to the Wi-Fi network to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

CVE-2020-25856

Affected Products

Realtek Rtl8195A Wi-Fi Module

PT-2021-11189 · Realtek · Realtek Rtl8195A Wi-Fi Module

CVE-2020-25856

Weakness Enumeration

Related Identifiers

Affected Products

References · 3