Multiple vulnerabilities in Realtek routers; update as soon as possible
Cybersecurity specialists reported the discovery of multiple vulnerabilities in the RTL8195A WiFi module whose exploitation would allow the deployment of remote attacks against all kinds of industrial control devices. This WiFi module is designed for use in integrated devices and has become a popular implementation for the automotive, energy, healthcare, security, and more industries.
Since the RTL8195A chip supports WEP authentication mechanisms, WPA and WPA2, a group of specialists discovered that the WPA2 hands protocol mechanism is susceptible to off-limit write and stack overflow errors: “The most severe of failures, tracked as CVE-2020–9395, is a stack overflow that could be exploited remotely by an unauthenticated threat actor”, mentions the report.
In addition, two minor vulnerabilities were reported that could be exploited even if threat actors do not know the network security key, which could lead to remote code execution or denial of service (DoS) conditions. The remaining three flaws relate to stack-based buffer overflow issues, which could lead to remote code execution, although these attacks require hackers to know the network security key.
In this regard, Realtek issued a security alert for CVE-2020–9395, mentioning that the RTL8711AM modules, RTL8711AF and RTL8710AF are also affected by this flaw: “The finding of a security issue has been reported on Realtek RTL8195AM, RTL8711AM, RTL8711AF and RTL8710AF devices prior to version 2.0.6, which could pose a security risk,” the report says.
On the other hand, the researchers who detected the problem mention that because there are no mitigation factors, the exploitation of this flaw is relatively simple: “This attack is possible regardless of whether the victim is the client or the access point, so it should be corrected as soon as possible.”
Every single flaw was addressed in the latest version of Ameba Arduino, available on Realtek’s official sites. It is recommended that vulnerable system administrators update their installations as soon as possible. Device versions created after March 3, 2020 have the necessary patches for CVE-2020–9395, while versions built after April 21, 2020 are fully patched for the rest of reported issues.
To learn more about information security risks, malware, vulnerabilities and information technologies, feel free to access the International Cyber Security Institute (IICS) website.
Originally published at https://www.securitynewspaper.com on February 4, 2021.