Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module

<div class="separator"><a href="https://thehackernews.com/images/-DmjDDFPDoR0/YLjBP6MGWvI/AAAAAAAACu8/jaOuWaGopfou_ho1qczfxJWDZXm8TU1RQCLcBGAsYHQ/s0/Realtek-hacking.jpg"></a></div> <p>A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications.</p> <p>“Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module,” researchers from Israeli IoT security firm Vdoo <a href="https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day" rel="noopener" target="_blank">said</a> in a write-up published yesterday.</p> <p>The Realtek <a href="https://www.amebaiot.com/en/ameba-arduino-getting-started-rtl8710/" rel="noopener" target="_blank">RTL8710C</a> Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications by devices spanning across agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors.</p> <div class="ad_two clear"><center class="cf"><a href="https://go.thn.li/1-300-6" rel="nofollow noopener sponsored" target="_blank" title="password auditor"><img alt="password auditor" class="lazyload" src="https://thehackernews.com/images/-va9G8j8L8t0/YHc_zcfiuFI/AAAAAAAA3ws/2KY886mKSJkGD0dDrseOimw0dTJfitfmwCLcBGAsYHQ/s300-e100/thn-300-6.png"></a></center></div> <p>The flaws affect all embedded and IoT devices that use the component to connect to Wi-Fi networks and would require an attacker to be on the same Wi-Fi network as the devices that use the RTL8710C module or know the network’s pre-shared key (PSK), which, as the name implies, is a cryptographic secret used to authenticate wireless clients on local area networks.</p> <p>The findings follow an <a href="https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html" rel="noopener" target="_blank">earlier analysis</a> in February that found similar weaknesses in the Realtek RTL8195A Wi-Fi module, chief among them being a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to completely take over the module without having to know the Wi-Fi network password.</p> <div class="separator"><a href="https://thehackernews.com/images/-jT-Ij62Y3Ww/YLjAZSsvbnI/AAAAAAAACu0/bk5UPh5Avo4dsjOPkJ7hCP8KVQrwo9l9ACLcBGAsYHQ/s0/hacking.jpg"><img alt="" border="0" data-original-height="380" data-original-width="728" src="https://thehackernews.com/images/-jT-Ij62Y3Ww/YLjAZSsvbnI/AAAAAAAACu0/bk5UPh5Avo4dsjOPkJ7hCP8KVQrwo9l9ACLcBGAsYHQ/s0/hacking.jpg"></a></div> <p>In the same vein, the RTL8170C Wi-Fi module’s WPA2 <a href="https://en.wikipedia.org/wiki/IEEE_802.11i-2004#Four-way_handshake" rel="noopener" target="_blank">four-way handshake</a> mechanism is vulnerable to two stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.0) that abuse the attacker’s knowledge of the PSK to obtain remote code execution on WPA2 clients that use this Wi-Fi module.</p> <p>As a potential real-world attack scenario, the researchers demonstrated a proof-of-concept (PoC) exploit wherein the attacker masquerades as a legitimate access point and sends a malicious encrypted group temporal key (GTK) to any client (aka supplicant) that connects to it via WPA2 protocol. A group temporal key is used to secure all multicast and broadcast traffic.</p> <p>Vdoo said there are no known attacks underway exploiting the vulnerabilities, adding firmware versions released after Jan. 11, 2021 include mitigations that resolve the issue. The company also recommends using a “strong, private WPA2 passphrase” to prevent exploitation of the above issues in scenarios where the device’s firmware can’t be updated.</p> <p></p> <p>The post <a rel="nofollow" href="https://patabook.com/technology/2021/06/05/researchers-warn-of-critical-bugs-affecting-realtek-wi-fi-module/">Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module</a> appeared first on <a rel="nofollow" href="https://patabook.com/technology">Patabook Technology</a>.</p>

source https://patabook.com/blogs/97047/Researchers-Warn-of-Critical-Bugs-Affecting-Realtek-Wi-Fi-Module