
Critical bugs found in Realtek RTL8195A Wi-Fi module [CVE-2020-9395]

Analysis by the IoT security firm Vdoo discovered six major vulnerabilities in the Realtek RTL8195A Wi-Fi module. This has been assigned CVE-2020-9395.

Uriya Yavniely, Security Researcher at Vdoo, said that “the most severe issue we discovered is VD-1406, a remote stack overflow that allows an attacker in the proximity of an RTL8195 module to completely take over the module, without knowing the Wi-Fi network password (PSK) and regardless of whether the module is acting as a Wi-Fi access point or client.”

As part of the module’s Wi-Fi functionality, the module supports the WEP, WPA and WPA2 authentication modes.

Realtek RTL8195A Wi-Fi Module

The RTL8195A is a standalone Wi-Fi hardware module used in many low-power applications. It is an extremely compact, low-power Wi-Fi module targeted at embedded devices, with software support from major vendors such as ARM, Samsung, Google, Amazon and more. For example, according to AWS it is used in a myriad of industries such as:

  • Agriculture 
  • Automotive 
  • Energy 
  • Gaming 
  • Healthcare
  • Industrial 
  • Security 
  • Smart Home 

The most severe issue we discovered is VD-1406, a remote stack overflow that allows an attacker in the proximity of an RTL8195 module to completely take over the module, without knowing the Wi-Fi network password (PSK) and regardless of whether the module is acting as a Wi-Fi access point or client. The attack scenarios are detailed in the next section: “Technical Deep-Dive”.

VD-1407 and VD-1411 can also be exploited without knowing the network security key (the PSK, or more accurately the PMK which is derived from it), allowing remote code execution or denial of service against a WPA2 client that uses this Wi-Fi module.

VD-1408, VD-1409 and VD-1410 require the attacker to know the network’s PSK as a prerequisite for the attack and can be abused for obtaining remote code execution on WPA2 clients that use this Wi-Fi module.

Realtek has already published a security bulletin and allocated a CVE for VD-1406.

You can read the full report here – https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
