{"containers": {"cna": {"affected": [{"product": "Realtek RTL8195A Wi-Fi Module", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions before 2020-04-21 (up to and excluding 2.08)"}]}], "descriptions": [{"lang": "en", "value": "The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "Stack buffer overflow (CWE-121)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-03T16:49:05.000Z", "orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24", "shortName": "VDOO"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@vdoo.com", "ID": "CVE-2020-25855", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Realtek RTL8195A Wi-Fi Module", "version": {"version_data": [{"version_value": "Versions before 2020-04-21 (up to and excluding 2.08)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stack buffer overflow (CWE-121)"}]}]}, "references": {"reference_data": [{"name": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/", "refsource": "CONFIRM", "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:49:05.976Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"}]}]}, "cveMetadata": {"assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24", "assignerShortName": "VDOO", "cveId": "CVE-2020-25855", "datePublished": "2021-02-03T16:49:05.000Z", "dateReserved": "2020-09-23T00:00:00.000Z", "dateUpdated": "2024-08-04T15:49:05.976Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24D4DC02-E833-483C-885F-9E168E5F8A4C", "versionEndExcluding": "2.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*", "matchCriteriaId": "62A37D39-5134-4AFE-9F59-C8C36A113B04", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this."}, {"lang": "es", "value": "La funci\u00f3n AES_UnWRAP() en el m\u00f3dulo Wi-Fi Realtek RTL8195A anterior a versiones publicadas en Abril de 2020 (hasta y excluyendo la 2.08), no comprueba el par\u00e1metro size para una operaci\u00f3n memcpy(), resultando en un desbordamiento del b\u00fafer de la pila que puede ser explotado para una ejecuci\u00f3n de c\u00f3digo remota o una denegaci\u00f3n de servicio. Un atacante puede hacerse pasar por un Access Point y atacar a un cliente Wi-Fi vulnerable al inyectar un paquete dise\u00f1ado en el protocolo de enlace WPA2. El atacante necesita conocer el PSK de la red para explotar esto"}], "id": "CVE-2020-25855", "lastModified": "2024-11-21T05:18:54.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-03T17:15:15.043", "references": [{"source": "vuln@vdoo.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/"}], "sourceIdentifier": "vuln@vdoo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "vuln@vdoo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}