Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

By The Hacker News - 2021-02-04

Description

Critical Full Takeover Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Summary

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.
Although the issues uncovered by Vdoo were verified only on RTL8195A, the researchers said they extend to other modules as well, including RTL8711AM, RTL8711AF, and RTL8710AF.
Chief among them is a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to completely take over the module, without having to know the Wi-Fi network password (or pre-shared key) and regardless of whether the module is acting as a Wi-Fi access point (AP) or client.

Topics

Security (0.27)
Machine_Learning (0.14)
Backend (0.1)

Similar Articles

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed

By CSO Online - 2021-01-28

A set of seven vulnerabilities, called DNSpooq, allows attackers to redirect users or execute malicious code. Patch dnsmasq now.

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

By The Hacker News - 2021-01-18

The U.S. National Security Agency (NSA) Suggests Enterprises Use 'Designated' DNS over HTTPS (DoH) Resolvers

Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices

By The Hacker News - 2021-02-05

New Matryosh DDoS Botnet Targeting Android-Based Devices

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

By The Hacker News - 2021-02-24

A new hack lets criminals bypass PIN for a Mastercard contactless card by tricking terminals into believing it to be a Visa card.

Linux malware backdoors supercomputers

By Help Net Security - 2021-02-02

ESET researchers discovered Kobalos, a malware that has been attacking supercomputers – high performance computer (HPC) clusters.

Why DDoS Attacks Are Thriving in the Work-From-Home Era

By Dice Insights - 2021-02-18

In 2020 DDoS made a comeback as employees moved into home offices and cybercriminals updated their techniques and attack vectors.