Details of VAR-202102-0233

ID

VAR-202102-0233

CVE

CVE-2020-25856

TITLE

Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56815)

Trust: 0.6

sources: CNVD: CNVD-2021-56815

DESCRIPTION

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. Realtek RTL8195A is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). Realtek RTL8195A versions prior to 2.08 have a buffer overflow vulnerability

Trust: 2.07

sources: NVD: CVE-2020-25856 // CNVD: CNVD-2021-56815 // CNNVD: CNNVD-202102-233 // VULMON: CVE-2020-25856

IOT TAXONOMY

category:	['IoT']	sub_category:	-	Trust: 0.6
category:	['other device', 'embedded device']	sub_category:	chip	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56815

AFFECTED PRODUCTS

vendor:

realtek

model:

rtl8195a

scope:

version:

2.08

Trust: 1.6

sources: CNVD: CNVD-2021-56815 // NVD: CVE-2020-25856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25856
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-56815
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-233
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-25856
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-56815
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-25856
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-56815 // CNNVD: CNNVD-202102-233 // NVD: CVE-2020-25856

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2020-25856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-233

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-233

PATCH

title:	Patch for Realtek RTL8195A buffer overflow vulnerability (CNVD-2021-56815)	url:	https://www.cnvd.org.cn/patchInfo/show/283536	Trust: 0.6
title:	Realtek RTL8195AM Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141105	Trust: 0.6

sources: CNVD: CNVD-2021-56815 // CNNVD: CNNVD-202102-233

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25856	Trust: 2.4
db:	CNVD	id:	CNVD-2021-56815	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-233	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-25856	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56815 // VULMON: CVE-2020-25856 // CNNVD: CNNVD-202102-233 // NVD: CVE-2020-25856

REFERENCES

url:	https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25856	Trust: 1.2
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196129	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-56815 // VULMON: CVE-2020-25856 // CNNVD: CNNVD-202102-233 // NVD: CVE-2020-25856

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2021-56815
db:	VULMON	id:	CVE-2020-25856
db:	CNNVD	id:	CNNVD-202102-233
db:	NVD	id:	CVE-2020-25856

LAST UPDATE DATE

2025-01-30T19:28:39.647000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-56815	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25856	date:	2021-02-08T00:00:00
db:	CNNVD	id:	CNNVD-202102-233	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2020-25856	date:	2024-11-21T05:18:54.840

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-56815	date:	2021-07-30T00:00:00
db:	VULMON	id:	CVE-2020-25856	date:	2021-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202102-233	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2020-25856	date:	2021-02-03T17:15:15.420