Details of VAR-202102-0232

ID

VAR-202102-0232

CVE

CVE-2020-25855

TITLE

Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56817)

Trust: 0.6

sources: CNVD: CNVD-2021-56817

DESCRIPTION

The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. Realtek RTL8195AM is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). Realtek RTL8195A Wi-Fi Module prior to versions 2.08 has a buffer error vulnerability

Trust: 2.07

sources: NVD: CVE-2020-25855 // CNVD: CNVD-2021-56817 // CNNVD: CNNVD-202102-334 // VULMON: CVE-2020-25855

IOT TAXONOMY

category:	['IoT']	sub_category:	-	Trust: 0.6
category:	['other device', 'embedded device']	sub_category:	chip	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56817

AFFECTED PRODUCTS

vendor:

realtek

model:

rtl8195a

scope:

version:

2.08

Trust: 1.6

sources: CNVD: CNVD-2021-56817 // NVD: CVE-2020-25855

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25855
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-56817
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-334
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-25855
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-56817
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-25855
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-56817 // CNNVD: CNNVD-202102-334 // NVD: CVE-2020-25855

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2020-25855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-334

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-334

PATCH

title:	Patch for Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56817)	url:	https://www.cnvd.org.cn/patchInfo/show/283526	Trust: 0.6
title:	Realtek RTL8195AM Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141118	Trust: 0.6

sources: CNVD: CNVD-2021-56817 // CNNVD: CNNVD-202102-334

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25855	Trust: 2.4
db:	CNVD	id:	CNVD-2021-56817	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-334	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-25855	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56817 // VULMON: CVE-2020-25855 // CNNVD: CNNVD-202102-334 // NVD: CVE-2020-25855

REFERENCES

url:	https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25855	Trust: 1.2
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196128	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56817 // VULMON: CVE-2020-25855 // CNNVD: CNNVD-202102-334 // NVD: CVE-2020-25855

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2021-56817
db:	VULMON	id:	CVE-2020-25855
db:	CNNVD	id:	CNNVD-202102-334
db:	NVD	id:	CVE-2020-25855

LAST UPDATE DATE

2025-01-30T21:10:50.714000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-56817	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25855	date:	2021-02-08T00:00:00
db:	CNNVD	id:	CNNVD-202102-334	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2020-25855	date:	2024-11-21T05:18:54.690

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-56817	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25855	date:	2021-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202102-334	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2020-25855	date:	2021-02-03T17:15:15.043