Details of VAR-202102-0231

ID

VAR-202102-0231

CVE

CVE-2020-25854

TITLE

Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56816)

Trust: 0.6

sources: CNVD: CNVD-2021-56816

DESCRIPTION

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. Realtek RTL8195AM is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). Realtek RTL8195A Wi-Fi Module prior to versions 2.08 has a buffer error vulnerability

Trust: 2.07

sources: NVD: CVE-2020-25854 // CNVD: CNVD-2021-56816 // CNNVD: CNNVD-202102-339 // VULMON: CVE-2020-25854

IOT TAXONOMY

category:	['IoT']	sub_category:	-	Trust: 0.6
category:	['other device', 'embedded device']	sub_category:	chip	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56816

AFFECTED PRODUCTS

vendor:

realtek

model:

rtl8195a

scope:

version:

2.08

Trust: 1.6

sources: CNVD: CNVD-2021-56816 // NVD: CVE-2020-25854

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25854
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-56816
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-339
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-25854
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-56816
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-25854
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-56816 // CNNVD: CNNVD-202102-339 // NVD: CVE-2020-25854

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2020-25854

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-339

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-339

PATCH

title:	Patch for Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56816)	url:	https://www.cnvd.org.cn/patchInfo/show/283531	Trust: 0.6
title:	Realtek RTL8195AM Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141119	Trust: 0.6

sources: CNVD: CNVD-2021-56816 // CNNVD: CNNVD-202102-339

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25854	Trust: 2.4
db:	CNVD	id:	CNVD-2021-56816	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-339	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-25854	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56816 // VULMON: CVE-2020-25854 // CNNVD: CNNVD-202102-339 // NVD: CVE-2020-25854

REFERENCES

url:	https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25854	Trust: 1.2
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196127	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56816 // VULMON: CVE-2020-25854 // CNNVD: CNNVD-202102-339 // NVD: CVE-2020-25854

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2021-56816
db:	VULMON	id:	CVE-2020-25854
db:	CNNVD	id:	CNNVD-202102-339
db:	NVD	id:	CVE-2020-25854

LAST UPDATE DATE

2025-01-30T19:33:03.984000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-56816	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25854	date:	2021-02-08T00:00:00
db:	CNNVD	id:	CNNVD-202102-339	date:	2021-02-09T00:00:00
db:	NVD	id:	CVE-2020-25854	date:	2024-11-21T05:18:54.527

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-56816	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25854	date:	2021-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202102-339	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2020-25854	date:	2021-02-03T17:15:14.747