Important bugs present in well-liked Realtek Wi-Fi module for embedded gadgets

Main vulnerabilities have been found within the Realtek RTL8195A Wi-Fi module that might have been used to realize root entry and take full management of the machine’s wi-fi communications.

The six flaws have been reported by researchers at Israeli IoT safety agency Vdoo.

The Realtek RTL8195A module is a standalone, low energy consumption Wi-Fi {hardware} module focused at embedded gadgets utilized in a number of industries such because the agriculture, sensible dwelling, healthcare, gaming and automotive sectors.

It additionally makes use of an “amoeba” API, permitting builders to speak with the machine through Wi-Fi, HTTP and MQTT, a light-weight messaging protocol for small sensors and cellular gadgets.

Cyber ​​security

Though the problems uncovered by Vdoo have been solely verified on the RTL8195A, the researchers stated they prolong to different modules as properly, together with the RTL8711AM, RTL8711AF and RTL8710AF.

The issues are associated to Stack Overflow’s combine, and reads that stem from the Wi-Fi module’s WPA2 four-way handshake mechanism throughout out-of-bounds authentication.

Chief amongst them is a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker to utterly take over the module with out figuring out the Wi-Fi community password (or pre-shared key) in proximity of the RTL8195 module. And no matter whether or not the module is performing as a Wi-Fi entry level (AP) or a shopper.

Two different vulnerabilities could be misused to trigger denial of service, whereas one other set of three vulnerabilities, together with CVE-2020-25854, may permit the exploitation of Wi-Fi shopper gadgets and the execution of arbitrary code. Is.

Cyber ​​security

Thus in one of many doable assault situations, an adversary with prior data of the passphrase for the WPA2 Wi-Fi community to which the sufferer machine is related may create a malicious AP by sniffing the community’s SSID and Pairwise Transit Key (PTK). – which is used to encrypt the visitors between the shopper and the AP – and forces the goal to connect with the brand new AP and run malicious code.

In response, Realtek has launched Ameba Arduino 2.0.8 with patches for all six vulnerabilities discovered by Vdoo. It’s price noting that firmware variations launched after April 21, 2020 already include the required protections to thwart such takeover assaults.

“An issue was detected on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF gadgets previous to 2.0. “A stack-based buffer overflow exists in shopper code that handles WPA2’s 4-way handshake through a malformed EAPOL-key packet with an extended keydata buffer.”

Supply hyperlink