Remote code execution when parsing WPA2 key in Realtek WiFi chipsets
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-27301 CVE-2020-27302 |
| CWE-ID | CWE-121 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
RTL8170C Hardware solutions / Firmware RTL8195AM Hardware solutions / Firmware |
| Vendor | Realtek |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU53824
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27301
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing WPA2 key. A remote attacker with knowledge of network PSK can send specially crafted packets to devices connected to the WiFi network, trigger stack-based buffer overflow and execute arbitrary code on WiFi client devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsRTL8170C: All versions
RTL8195AM: All versions
External linkshttp://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU53825
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27302
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing WPA2 key. A remote attacker with knowledge of network PSK can send specially crafted packets to devices connected to the WiFi network, trigger stack-based buffer overflow and execute arbitrary code on WiFi client devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsRTL8170C: All versions
RTL8195AM: All versions
External linkshttp://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
