// For flags

CVE-2020-25853

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

La función CheckMic() en el módulo Wi-Fi Realtek RTL8195A anterior a versiones publicadas en Abril de 2020 (hasta y excluyendo la 2.08), no comprueba el parámetro size para una función interna, _rt_md5_hmac_veneer() o _rt_hmac_sha1_veneer(), resulta en una lectura excesiva del búfer de pila que puede ser explotada para una denegación de servicio. Un atacante puede hacerse pasar por un Access Point y atacar a un cliente Wi-Fi vulnerable al inyectar un paquete diseñado en el protocolo de enlace WPA2. El atacante no necesita conocer el PSK de la red

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-09-23 CVE Reserved
  • 2021-02-03 CVE Published
  • 2023-10-20 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
  • CWE-126: Buffer Over-read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Realtek
Search vendor "Realtek"
 Rtl8195a Firmware
Search vendor "Realtek" for product "Rtl8195a Firmware"
 < 2.08
Search vendor "Realtek" for product "Rtl8195a Firmware" and version " < 2.08"
-
Affected
in Realtek
Search vendor "Realtek"
 Rtl8195a
Search vendor "Realtek" for product "Rtl8195a"
--
Safe