Details of VAR-202102-0230

ID

VAR-202102-0230

CVE

CVE-2020-25853

TITLE

Realtek RTL8195A buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-56818

DESCRIPTION

The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK. Realtek RTL8195A is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). Realtek RTL8195A versions prior to 2.08 have a buffer overflow vulnerability

Trust: 2.07

sources: NVD: CVE-2020-25853 // CNVD: CNVD-2021-56818 // CNNVD: CNNVD-202102-344 // VULMON: CVE-2020-25853

IOT TAXONOMY

category:	['IoT']	sub_category:	-	Trust: 0.6
category:	['other device']	sub_category:	general	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56818

AFFECTED PRODUCTS

vendor:

realtek

model:

rtl8195a

scope:

version:

2.08

Trust: 1.6

sources: CNVD: CNVD-2021-56818 // NVD: CVE-2020-25853

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25853
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-56818
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-344
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-25853
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-56818
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-25853
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-56818 // CNNVD: CNNVD-202102-344 // NVD: CVE-2020-25853

PROBLEMTYPE DATA

problemtype:	CWE-126	Trust: 1.0
problemtype:	CWE-125	Trust: 1.0

sources: NVD: CVE-2020-25853

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-344

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-344

PATCH

title:	Patch for Realtek RTL8195A buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/283521	Trust: 0.6
title:	Realtek RTL8195AM Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141120	Trust: 0.6

sources: CNVD: CNVD-2021-56818 // CNNVD: CNNVD-202102-344

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25853	Trust: 2.4
db:	CNVD	id:	CNVD-2021-56818	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-344	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-25853	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56818 // VULMON: CVE-2020-25853 // CNNVD: CNNVD-202102-344 // NVD: CVE-2020-25853

REFERENCES

url:	https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25853	Trust: 1.2
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196123	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56818 // VULMON: CVE-2020-25853 // CNNVD: CNNVD-202102-344 // NVD: CVE-2020-25853

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2021-56818
db:	VULMON	id:	CVE-2020-25853
db:	CNNVD	id:	CNNVD-202102-344
db:	NVD	id:	CVE-2020-25853

LAST UPDATE DATE

2025-01-30T22:24:12.977000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-56818	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25853	date:	2021-02-08T00:00:00
db:	CNNVD	id:	CNNVD-202102-344	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-25853	date:	2024-11-21T05:18:54.377

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-56818	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25853	date:	2021-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202102-344	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2020-25853	date:	2021-02-03T17:15:14.187