Realtek RTL8195A prior 2.08 WPA2 Handshake DecWPA2KeyData size stack-based overflow


A vulnerability has been found in Realtek RTL8195A and classified as critical. This vulnerability affects the function DecWPA2KeyData of the component WPA2 Handshake Handler. Upgrading to version 2.08 eliminates this vulnerability.

| Field | 02/04/2021 10:19 AM | 02/23/2021 12:38 PM |
|---|---|---|
| vendor | Realtek | Realtek |
| name | RTL8195A | RTL8195A |
| component | WPA2 Handshake Handler | WPA2 Handshake Handler |
| function | DecWPA2KeyData | DecWPA2KeyData |
| argument | size | size |
| cwe | 121 (memory corruption) | 121 (memory corruption) |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/ | https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/ |
| name | Upgrade | Upgrade |
| upgrade_version | 2.08 | 2.08 |
| cve | CVE-2020-25854 | CVE-2020-25854 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 6.5 | 5.7 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.0 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 6.3 | 6.0 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1600812000

cve_nvd_summary: The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.

confirm_url: https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/
