cvelistv5 - cve-2020-25854

CVE-2020-25854 (GCVE-0-2020-25854)

Vulnerability from cvelistv5 – Published: 2021-02-03 16:49 – Updated: 2024-08-04 15:49

Summary

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.

Severity ?

No CVSS data available.

CWE

CWE-121 - Stack buffer overflow (CWE-121)

Assigner

VDOO

References

URL

Tags

https://www.vdoo.com/blog/realtek-rtl8195a-vulner…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Realtek RTL8195A Wi-Fi Module	Affected: Versions before 2020-04-21 (up to and excluding 2.08)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:05.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Realtek RTL8195A Wi-Fi Module",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 2020-04-21 (up to and excluding 2.08)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack buffer overflow (CWE-121)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-03T16:49:08",
        "orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
        "shortName": "VDOO"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@vdoo.com",
          "ID": "CVE-2020-25854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Realtek RTL8195A Wi-Fi Module",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 2020-04-21 (up to and excluding 2.08)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stack buffer overflow (CWE-121)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/",
              "refsource": "CONFIRM",
              "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
    "assignerShortName": "VDOO",
    "cveId": "CVE-2020-25854",
    "datePublished": "2021-02-03T16:49:08",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:49:05.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.08\", \"matchCriteriaId\": \"24D4DC02-E833-483C-885F-9E168E5F8A4C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62A37D39-5134-4AFE-9F59-C8C36A113B04\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n DecWPA2KeyData() en el m\\u00f3dulo Wi-Fi Realtek RTL8195A anterior a versiones publicadas en Abril de 2020 (hasta y excluyendo la 2.08), no comprueba el par\\u00e1metro size para una funci\\u00f3n interna, rt_arc4_crypt_veneer() o _AES_UnWRAP_veneer(), resulta en un desbordamiento del b\\u00fafer de la pila que puede ser explotado para una ejecuci\\u00f3n de c\\u00f3digo remota o una denegaci\\u00f3n de servicio.\u0026#xa0;Un atacante puede hacerse pasar por un Access Point y atacar a un cliente Wi-Fi vulnerable al inyectar un paquete dise\\u00f1ado en el protocolo de enlace WPA2.\u0026#xa0;El atacante necesita conocer el PSK de la red para explotar esto\"}]",
      "id": "CVE-2020-25854",
      "lastModified": "2024-11-21T05:18:54.527",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-03T17:15:14.747",
      "references": "[{\"url\": \"https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/\", \"source\": \"vuln@vdoo.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "vuln@vdoo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"vuln@vdoo.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-25854\",\"sourceIdentifier\":\"vuln@vdoo.com\",\"published\":\"2021-02-03T17:15:14.747\",\"lastModified\":\"2024-11-21T05:18:54.527\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n DecWPA2KeyData() en el m\u00f3dulo Wi-Fi Realtek RTL8195A anterior a versiones publicadas en Abril de 2020 (hasta y excluyendo la 2.08), no comprueba el par\u00e1metro size para una funci\u00f3n interna, rt_arc4_crypt_veneer() o _AES_UnWRAP_veneer(), resulta en un desbordamiento del b\u00fafer de la pila que puede ser explotado para una ejecuci\u00f3n de c\u00f3digo remota o una denegaci\u00f3n de servicio.\u0026#xa0;Un atacante puede hacerse pasar por un Access Point y atacar a un cliente Wi-Fi vulnerable al inyectar un paquete dise\u00f1ado en el protocolo de enlace WPA2.\u0026#xa0;El atacante necesita conocer el PSK de la red para explotar esto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"vuln@vdoo.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.08\",\"matchCriteriaId\":\"24D4DC02-E833-483C-885F-9E168E5F8A4C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A37D39-5134-4AFE-9F59-C8C36A113B04\"}]}]}],\"references\":[{\"url\":\"https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/\",\"source\":\"vuln@vdoo.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

GSD-2020-25854

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-25854

Aliases

CVE-2020-25854

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-25854",
    "description": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this.",
    "id": "GSD-2020-25854"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-25854"
      ],
      "details": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this.",
      "id": "GSD-2020-25854",
      "modified": "2023-12-13T01:21:57.195425Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vuln@vdoo.com",
        "ID": "CVE-2020-25854",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Realtek RTL8195A Wi-Fi Module",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions before 2020-04-21 (up to and excluding 2.08)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Stack buffer overflow (CWE-121)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/",
            "refsource": "CONFIRM",
            "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.08",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@vdoo.com",
          "ID": "CVE-2020-25854"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-02-08T18:32Z",
      "publishedDate": "2021-02-03T17:15Z"
    }
  }
}

FKIE_CVE-2020-25854

Vulnerability from fkie_nvd - Published: 2021-02-03 17:15 - Updated: 2024-11-21 05:18

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	vuln@vdoo.com	https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	realtek	rtl8195a_firmware	*
	realtek	rtl8195a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D4DC02-E833-483C-885F-9E168E5F8A4C",
              "versionEndExcluding": "2.08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A37D39-5134-4AFE-9F59-C8C36A113B04",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n DecWPA2KeyData() en el m\u00f3dulo Wi-Fi Realtek RTL8195A anterior a versiones publicadas en Abril de 2020 (hasta y excluyendo la 2.08), no comprueba el par\u00e1metro size para una funci\u00f3n interna, rt_arc4_crypt_veneer() o _AES_UnWRAP_veneer(), resulta en un desbordamiento del b\u00fafer de la pila que puede ser explotado para una ejecuci\u00f3n de c\u00f3digo remota o una denegaci\u00f3n de servicio.\u0026#xa0;Un atacante puede hacerse pasar por un Access Point y atacar a un cliente Wi-Fi vulnerable al inyectar un paquete dise\u00f1ado en el protocolo de enlace WPA2.\u0026#xa0;El atacante necesita conocer el PSK de la red para explotar esto"
    }
  ],
  "id": "CVE-2020-25854",
  "lastModified": "2024-11-21T05:18:54.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-03T17:15:14.747",
  "references": [
    {
      "source": "vuln@vdoo.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
    }
  ],
  "sourceIdentifier": "vuln@vdoo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "vuln@vdoo.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202102-0231

Vulnerability from variot - Updated: 2023-12-18 13:27

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0231",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rtl8195a",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "realtek",
        "version": "2.08"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.08",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      }
    ]
  },
  "cve": "CVE-2020-25854",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-56816",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-25854",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-56816",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-339",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this. Realtek RTL8195AM is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). \nRealtek RTL8195A Wi-Fi Module prior to versions 2.08 has a buffer error vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25854"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-25854",
        "trust": 2.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25854",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ]
  },
  "id": "VAR-202102-0231",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      }
    ],
    "trust": 1.2666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:27:50.298000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56816)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/283531"
      },
      {
        "title": "Realtek RTL8195AM Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141119"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196127"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25854"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "date": "2021-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-25854"
      },
      {
        "date": "2021-02-03T17:15:14.747000",
        "db": "NVD",
        "id": "CVE-2020-25854"
      },
      {
        "date": "2021-02-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      },
      {
        "date": "2021-02-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-25854"
      },
      {
        "date": "2021-02-08T18:32:11.180000",
        "db": "NVD",
        "id": "CVE-2020-25854"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56816)",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-56816"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-339"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2021-56816

Vulnerability from cnvd - Published: 2021-07-30

Title

Realtek RTL8195A缓冲区溢出漏洞（CNVD-2021-56816）

Description

Realtek RTL8195A是中国台湾瑞昱半导体（Realtek）公司的一款物联网微控制器。 Realtek RTL8195A 2.08之前版本存在缓冲区溢出漏洞，攻击者可利用该漏洞将精心设计的数据包注入WPA2握手来模拟接入点并攻击易受攻击的Wi-Fi客户端。

Severity

中

Patch Name

Realtek RTL8195A缓冲区溢出漏洞（CNVD-2021-56816）的补丁

Patch Description

Realtek RTL8195A是中国台湾瑞昱半导体（Realtek）公司的一款物联网微控制器。 Realtek RTL8195A 2.08之前版本存在缓冲区溢出漏洞，攻击者可利用该漏洞将精心设计的数据包注入WPA2握手来模拟接入点并攻击易受攻击的Wi-Fi客户端。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.amebaiot.com/en/ameba-arduino-getting-started/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-25854

Impacted products

Name
Realtek RTL8195A <2.08

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-25854",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-25854"
    }
  },
  "description": "Realtek RTL8195A\u662f\u4e2d\u56fd\u53f0\u6e7e\u745e\u6631\u534a\u5bfc\u4f53\uff08Realtek\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7269\u8054\u7f51\u5fae\u63a7\u5236\u5668\u3002\n\nRealtek RTL8195A 2.08\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6570\u636e\u5305\u6ce8\u5165WPA2\u63e1\u624b\u6765\u6a21\u62df\u63a5\u5165\u70b9\u5e76\u653b\u51fb\u6613\u53d7\u653b\u51fb\u7684Wi-Fi\u5ba2\u6237\u7aef\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.amebaiot.com/en/ameba-arduino-getting-started/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-56816",
  "openTime": "2021-07-30",
  "patchDescription": "Realtek RTL8195A\u662f\u4e2d\u56fd\u53f0\u6e7e\u745e\u6631\u534a\u5bfc\u4f53\uff08Realtek\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7269\u8054\u7f51\u5fae\u63a7\u5236\u5668\u3002\r\n\r\nRealtek RTL8195A 2.08\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6570\u636e\u5305\u6ce8\u5165WPA2\u63e1\u624b\u6765\u6a21\u62df\u63a5\u5165\u70b9\u5e76\u653b\u51fb\u6613\u53d7\u653b\u51fb\u7684Wi-Fi\u5ba2\u6237\u7aef\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Realtek RTL8195A\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-56816\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Realtek RTL8195A \u003c2.08"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-25854",
  "serverity": "\u4e2d",
  "submitTime": "2021-02-05",
  "title": "Realtek RTL8195A\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-56816\uff09"
}

GHSA-8Q7X-WX54-W95J

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-25854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-03T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network\u0027s PSK in order to exploit this.",
  "id": "GHSA-8q7x-wx54-w95j",
  "modified": "2022-05-24T17:40:54Z",
  "published": "2022-05-24T17:40:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25854"
    },
    {
      "type": "WEB",
      "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-25854 (GCVE-0-2020-25854)

GSD-2020-25854

FKIE_CVE-2020-25854

VAR-202102-0231

CNVD-2021-56816

GHSA-8Q7X-WX54-W95J

Tags

Sightings

Nomenclature