Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVDOOCVELIST:CVE-2020-25856
HistoryFeb 03, 2021 - 4:49 p.m.

CVE-2020-25856

2021-02-0316:49:02
CWE-121
VDOO
www.cve.org

0.007 Low

EPSS

Percentile

79.8%

JSON

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this.

CNA Affected

[
  {
    "product": "Realtek RTL8195A Wi-Fi Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 2020-04-21 (up to and excluding 2.08)"
      }
    ]
  }
]

Related

cve 1
nvd 1
cnvd 1
prion 1
cve
cve
CVE-2020-25856
2021-02-03 17:15:15
nvd
nvd
CVE-2020-25856
2021-02-03 17:15:15
cnvd
cnvd
Realtek RTL8195A Buffer Overflow Vulnerability (CNVD-2021-56815)
2021-02-05 00:00:00
prion
prion
Stack overflow
2021-02-03 17:15:00

0.007 Low

EPSS

Percentile

79.8%

JSON
Related for CVELIST:CVE-2020-25856
cve1nvd1cnvd1prion1