INTRODUCTION
Vdoo, an end-to-end product security platform, discovered six critical vulnerabilities in Realtek Wi-Fi module found in connected devices across numerous domains.
DETAILS
The vulnerabilities in the Wi-Fi module, specifically Realtek RTL8195A, could allow a malicious actor to intercept and hijack wireless communications, subsequently facilitating in gaining higher privileges.
Realtek RTL8710C acts as an underlying support for Ameba, a programmable platform assisting in developing diverse IOT applications through built-in interfaces allowing for connection to other electronic components. The collected data then can be sent over Wi-Fi to actualize IOT communication.
As for the relation with the flaws, should an attacker be on the same Wi-Fi network as the devices using RTL8710C or have knowledge of the network’s pre-shared key (PSK), they could exploit CVE-2020-27301 or CVE-2020-27302 respectively and obtain remote code execution. This happens due to WPA2 4-way handshake key parsing which triggers two stack-based buffer overflow vulnerabilities.
Vdoo also notified that the code-sharing nature between Wi-Fi modules belonging to Ameba group, other Ameba devices could also be potentially compromised. “Since parts of the Ameba code are shared between different Wi-Fi modules from Realtek’s Ameba family, some or all of these issues may be present in other Ameba devices. For example, we found the previously-researched RTL8195A also to be vulnerable to both of the vulnerabilities mentioned above [CVE-2020-27301, CVE-2020-27302].”
The researchers also demonstrated a PoC exploit consisting of an attacker putting a façade of an authorized access point and sending a harmful group temporal key (GTK) to any client connecting to it via WPA2.
The researchers have mentioned that all known exploits have been successfully mitigated against in the patches released after 11th of January, 2021. However, for those users who cannot yet update the device’s firmware, it is advised to use a strong WPA2 passcode to stay protected from the vulnerabilities.
