Warning of Critical Vulnerability Affecting Realtek Wi-Fi Modules

Researchers from Israeli IoT security company Vdoo have just released a report about a series of serious security vulnerabilities that exist in the Realtek RTL8170C WiFi module. Through these vulnerabilities, malicious actors can completely gain higher privileges on the target device and compromise data transmitted over wireless internet connection.

" These vulnerabilities, if successfully exploited, will result in complete control over the WiFi module and potential root access on the operating system (such as Linux or Android) of an embedded device using the module. this -dun "Vdoo team said in a statement.

The Realtek RTL8710C is a Wi-Fi SoC that serves as the core of Ameba, a programmable platform that is compatible with Arduino and equipped with peripheral interfaces that support the development of a wide range of IoT applications used in industrial applications. important sectors such as agriculture, automotive, energy, healthcare, industry, security and smart home.

According to the analysis results of experts, this set of vulnerabilities affects all embedded and IoT devices that use Realtek RTL8710C to connect to WiFi networks. However, to exploit the vulnerability, an attacker would have to be on the same WiFi network as the target device, or have a pre-shared key (PSK) - a type of password used for authentication. wireless clients on the local network.

WiFi module can be hacked without router password

The discovery of this critical cluster of vulnerabilities can be considered the result of an investigation conducted earlier in February, which also found similar problems in the Realtek RTL8195A WiFi module. Chief among them is a buffer overflow vulnerability (CVE-2020-9395) that allows an attacker near Realtek RTL8195 to completely take control of this module without having to hold the WiFi network password.

Similarly, the 4-way Handshake WPA2 mechanism of the RTL8170C WiFi module can also be abused by two stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS score: 8.0 ). In it, the attacker's requirement is to have PSK knowledge to remotely execute code on WPA2 clients using this WiFi module.

Returning to the vulnerabilities related to the Realtek RTL8710C module, Vdoo researchers have released a proof-of-concept (PoC) document describing a real-life exploit scenario. In it, the attacker will disguise as a legitimate access point and send a maliciously encrypted Group Temporal Key (GTK) to the target via the WPA2 protocol.

Currently, there have been no cases of successful exploitation of the above vulnerabilities recorded in practice. However, users are recommended to update the Realtek RTL8710C firmware to the latest version to limit risks. At the same time, "strong, private WPA2 passphrases" should also be deployed to limit the risk in cases where the device's firmware cannot be updated.

Lesley Montoya

Update 06 June 2021