Realtek RTL8195A prior 2.08 WPA2 Handshake ClientEAPOLKeyRecvd size stack-based overflow

A vulnerability was found in Realtek RTL8195A. It has been declared as critical. Affected by this vulnerability is the function ClientEAPOLKeyRecvd of the component WPA2 Handshake Handler. Upgrading to version 2.08 eliminates this vulnerability.

| Field | 02/04/2021 10:37 AM | 02/23/2021 12:54 PM |
|---|---|---|
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/ | https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/ |
| name | Upgrade | Upgrade |
| upgrade_version | 2.08 | 2.08 |
| cve | CVE-2020-25857 | CVE-2020-25857 |
| vendor | Realtek | Realtek |
| name | RTL8195A | RTL8195A |
| component | WPA2 Handshake Handler | WPA2 Handshake Handler |
| function | ClientEAPOLKeyRecvd | ClientEAPOLKeyRecvd |
| argument | size | size |
| cwe | 121 (memory corruption) | 121 (memory corruption) |
| risk | 2 | 2 |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 5.2 | 5.2 |
| cvss2_vuldb_tempscore | 5.2 | 4.5 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.5 | 5.3 |
| cvss3_meta_basescore | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.5 | 5.3 |
| price_0day | $0-$5k | $0-$5k |

cve_nvd_summary: The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

confirm_url: https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/

cve_assigned: 1600812000