Cybersecurity specialists reported multiple vulnerabilities in various products from Realtek, a Taiwan-based semiconductor and network solutions manufacturer. According to the report, successful exploitation of these flaws would allow denial-of-service (DoS) attacks and arbitrary code execution, among other attacks.

Below are brief descriptions of the reported flaws, along with their respective identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).

CVE-2020-25857: A boundary error in the “ClientEAPOLKeyRecvd()” function of the Realtek RTL8195AM would allow unauthenticated remote hackers to inject a specially crafted packet into the WPA2 handshake, leading to a denial-of-service scenario on the affected system. The flaw received a score of 6.5/10 and resides in the following versions of the affected devices:

  • RTL8195AM: versions prior to 2.0.8
  • RTL8711AM: versions prior to 2.0.8
  • RTL8711AF: versions prior to 2.0.8
  • RTL8710AF: versions prior to 2.0.8

CVE-2020-25856: The “DecWPA2KeyData()” function does not validate the size parameter for an “rtl_memcpy()” operation. This condition can be exploited by remote hackers to trigger a buffer overflow by sending specially crafted requests.

This is a high severity vulnerability that received a score of 8.5/10 and resides in the following Realtek products and versions:

  • RTL8195AM: versions prior to 2.0.8
  • RTL8711AM: versions prior to 2.0.8
  • RTL8711AF: versions prior to 2.0.8
  • RTL8710AF: versions prior to 2.0.8
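
The kind of length check whose absence is described for CVE-2020-25856, as an added C example (not Realtek's code and not part of the original report). The function names, return codes and buffer sizes are hypothetical, and the offsets assume the standard EAPOL-Key layout with a 16-byte MIC.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard EAPOL-Key layout, assuming a 16-byte MIC: 4-byte 802.1X header,
 * 93 bytes of fixed key-descriptor fields, 2-byte big-endian Key Data
 * Length, then the Key Data itself. */
#define KEY_DATA_LEN_OFF (4 + 93)
#define KEY_DATA_OFF     (KEY_DATA_LEN_OFF + 2)

enum { KD_OK = 0, KD_TRUNCATED = -1, KD_LEN_EXCEEDS_FRAME = -2, KD_TOO_BIG = -3 };

/* Hypothetical helper: copy Key Data into dst only after checking the
 * sender-controlled length against the bytes received and dst's capacity. */
int copy_key_data(const uint8_t *frame, size_t frame_len,
                  uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (!frame || !dst || !out_len || frame_len < KEY_DATA_OFF)
        return KD_TRUNCATED;              /* fixed fields not all present */
    size_t kd_len = ((size_t)frame[KEY_DATA_LEN_OFF] << 8) | frame[KEY_DATA_LEN_OFF + 1];
    if (kd_len > frame_len - KEY_DATA_OFF)
        return KD_LEN_EXCEEDS_FRAME;      /* would read past the packet */
    if (kd_len > dst_cap)
        return KD_TOO_BIG;                /* would write past dst */
    memcpy(dst, frame + KEY_DATA_OFF, kd_len);
    *out_len = kd_len;
    return KD_OK;
}

/* Constructed input: a zeroed frame declaring `declared` bytes of Key Data
 * while actually carrying `carried` bytes; dst_cap is the receiver's buffer. */
int check_constructed_frame(uint16_t declared, size_t carried, size_t dst_cap)
{
    static uint8_t frame[KEY_DATA_OFF + 512];
    uint8_t dst[256];
    size_t copied = 0;
    if (carried > 512 || dst_cap > sizeof dst) return -100; /* outside demo buffers */
    memset(frame, 0, sizeof frame);
    frame[KEY_DATA_LEN_OFF]     = (uint8_t)(declared >> 8);
    frame[KEY_DATA_LEN_OFF + 1] = (uint8_t)(declared & 0xff);
    return copy_key_data(frame, KEY_DATA_OFF + carried, dst, dst_cap, &copied);
}

int main(void)
{
    printf("%d %d %d\n", check_constructed_frame(32, 32, 64),
           check_constructed_frame(400, 32, 64), check_constructed_frame(128, 128, 64));
    return 0;
}
```

The declared length is compared against both the bytes actually received and the destination capacity, so a frame that lies about its Key Data Length is rejected before any copy takes place.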

CVE-2020-25855: A boundary error in the “AES_UnWRAP()” function would allow remote threat actors to trigger a buffer overflow by sending malicious requests. This is a dangerous vulnerability that received a CVSS score of 8.5/10; the flaw resides in the following products and versions:

  • RTL8195AM: versions prior to 2.0.8
  • RTL8711AM: versions prior to 2.0.8
  • RTL8711AF: versions prior to 2.0.8
  • RTL8710AF: versions prior to 2.0.8

CVE-2020-25854: According to cybersecurity experts, a boundary error in the “DecWPA2KeyData()” function would allow unauthenticated remote hackers to trigger a stack-based buffer overflow and execute arbitrary code on the target system.

The flaw received a score of 8.5/10 and resides in the following versions of the affected products:

  • RTL8195AM: versions prior to 2.0.8
  • RTL8711AM: versions prior to 2.0.8
  • RTL8711AF: versions prior to 2.0.8
  • RTL8710AF: versions prior to 2.0.8

CVE-2020-25853: A boundary condition in the “CheckMic()” function allows malicious hackers to trigger an out-of-bounds read error and generate a DoS condition on the target system. The flaw received a score of 6.5/10 and resides in the following Realtek products:

  • RTL8195AM: versions prior to 2.0.8
  • RTL8711AM: versions prior to 2.0.8
  • RTL8711AF: versions prior to 2.0.8
  • RTL8710AF: versions prior to 2.0.8

CVE-2020-9395: A boundary error in the processing of an incorrectly formatted EAPOL-Key packet would allow authenticated malicious hackers to trigger a stack-based buffer overflow and execute arbitrary code on the vulnerable system.

This vulnerability received a score of 6.5/10 and resides in the following Realtek products:

  • RTL8195AM: versions prior to 2.0.8
  • RTL8711AM: versions prior to 2.0.8
  • RTL8711AF: versions prior to 2.0.8
  • RTL8710AF: versions prior to 2.0.8

While the flaws can be exploited remotely, cybersecurity experts have not detected attempts at active exploitation or the existence of a malware variant associated with the attack. Security patches are now available, so administrators of affected installations are advised to update as soon as possible.