CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 1CVE-2020-27302
https://notcve.org/view.php?id=CVE-2020-27302
04 Jun 2021 — A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake. Un desbordamiento del búfer de la pila en el Realtek RTL8710 (y otros dispositivos basados en Ameba) puede conllevar a una ejecución de código remota por medio de la función "memcpy", cuando un atacante en el rango de la Wi-Fi envía un valor "Encrypted GTK" diseñado co... • https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 1%CPEs: 4EXPL: 2CVE-2020-27301
https://notcve.org/view.php?id=CVE-2020-27301
04 Jun 2021 — A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake. Un desbordamiento del búfer de la pila en Realtek RTL8710 (y otros dispositivos basados en Ameba) puede conllevar a una ejecución de código remota por medio de la función "AES_UnWRAP", cuando un atacante en el alcance del Wi-Fi envía un valor "Encrypted GTK" diseña... • https://github.com/chertoGUN/CVE-2020-27301-hostapd • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-23539
https://notcve.org/view.php?id=CVE-2020-23539
08 Apr 2021 — An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. Se detectó un problema en Realtek rtl8723de BLE Stack versiones anteriores a 4.1 incluyéndola, que permite a atacantes remotos causar una Denegación de Servicio por medio del campo de intervalo al mensaje CONNECT_REQ • https://github.com/pokerfacett/MY_REQUEST/blob/df73fe140655ea44542b03ac186e6c2b47e97540/Realtek%208723ds%20BLE%20SDK%20denial%20of%20service%20attack.md • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27372
https://notcve.org/view.php?id=CVE-2021-27372
25 Mar 2021 — Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. Realtek xPON RTL9601D SDK versión 1.9, almacena las contraseñas en texto plano, lo que puede permitir que atacantes posiblemente consigan acceso al dispositivo con permisos root por medio de la herramienta de monitoreo de red incorporada y ejecutar comandos arbitrarios. • https://www.realtek.com/images/safe-report/RTL9601D_CVE-2021-27372.pdf • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25853
https://notcve.org/view.php?id=CVE-2020-25853
03 Feb 2021 — The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's P... • https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25854
https://notcve.org/view.php?id=CVE-2020-25854
03 Feb 2021 — The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to... • https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 1CVE-2020-25855
https://notcve.org/view.php?id=CVE-2020-25855
03 Feb 2021 — The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. La... • https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25856
https://notcve.org/view.php?id=CVE-2020-25856
03 Feb 2021 — The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit... • https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25857
https://notcve.org/view.php?id=CVE-2020-25857
03 Feb 2021 — The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK. La función ClientEAPOLKeyRecvd... • https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18990
https://notcve.org/view.php?id=CVE-2019-18990
30 Sep 2020 — A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. Se presenta una vulnerabilidad de omisión de autenticación parcial en los dispositivos R... • https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020 • CWE-290: Authentication Bypass by Spoofing •