- Description
- A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.
- Source
- vuln@vdoo.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.7
- Impact score
- 10
- Exploitability score
- 5.1
- Vector string
- AV:A/AC:L/Au:S/C:C/I:C/A:C
- nvd@nist.gov
- CWE-787
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8710c_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F44702F-DFF5-4797-BA71-6CF5591782CF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8710c:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DEB9942A-10B7-4838-B437-DA3F842CAA66"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8195a_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C242328-36B8-4995-8174-378EDB8E6A7A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "62A37D39-5134-4AFE-9F59-C8C36A113B04"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]