Dangerous Vulnerabilities Fixed in Realtek Wi-Fi Modules


Specialists of the Israeli information security company Vdoo reported six vulnerabilities in Wi-Fi modules Realtek RTL8195A, allowing access with superuser privileges and take full control over the wireless communications of the device.


Realtek RTL8195A is a standalone low power Wi-Fi hardware module. It is commonly used in embedded devices in agriculture, smart homes, healthcare, gaming, and automotiv


The module uses the Ameba API to allow developers to communicate with the device via Wi-Fi, HTTP and MQTT, a lightweight messaging protocol for small sensors and mobile devices. Although the vulnerabilities discovered by Vdoo have been confirmed only in Realtek RTL8195A, they also affect RTL8711AM, RTL8711AF and RTL8710AF (up to version 2.0.6


In particular, modules are susceptible to buffer overflow and out-of-bounds read vulnerabilities that affect the WPA2 four-way handshake mechanism. The most dangerous of these is the buffer overflow vulnerability (CVE-2020-9395), which allows an attacker who is near a vulnerable device to take full control of a module without a password for a Wi-Fi network. The attack is possible regardless of whether the module plays the role of an access poin


Two more vulnerabilities can be exploited to cause denial of service, while the remaining three (including CVE-2020-25854) allow the exploitation of client Wi-Fi devices and arbitrary code executio


All six vulnerabilities were patched by the manufacturer with the release of Ameba Arduino 2.0.8. It is also worth noting that firmware versions released after April 2020 already have all the necessary protection against exploitation attack

Previous Post Next Post