Major vulnerabilities in the Realtek RTL8195A Wi-Fi module expose embedded devices used in a myriad of industries to remote attacks, researchers with automated device security platform provider Vdoo reveal.
The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security.
The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo discovered that the WPA2 handshake mechanism is prone to stack overflow and out-of-bounds read bugs.
Tracked as CVE-2020-9395, the most severe of the flaws is a remotely exploitable stack overflow that could lead to a complete takeover of the module and the device’s wireless communications. The vulnerability can be exploited by an attacker in the proximity of a vulnerable system, even if they don’t know the Wi-Fi network password (Pre-Shared-Key, or PSK).
Two other vulnerabilities (an out-of-bounds read and a stack-based buffer overflow) could also be exploited without knowing the network security key (the PMK, which is derived from the PSK), to execute code remotely or cause a denial of service (DoS) condition.
All of the remaining three vulnerabilities are stack-based buffer overflow issues that could lead to remote code execution, but exploitation requires for the attacker to know the network’s PSK. Thus, the use of a strong, private WPA2 passphrase should prevent exploitation of these bugs.
Realtek has published an advisory for CVE-2020-9395 only, revealing that RTL8711AM, RTL8711AF, and RTL8710AF modules are also vulnerable.
“An issue was discovered on Realtek RTL8195A ..
Support the originator by clicking the read the rest link below.
