Vulnerabilites related to realtek - rtl8195am
var-202112-2105
Vulnerability from variot
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security. Realtek RTL8195AM The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Realtek RTL8195AM is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). The Realtek RTL8195AM version before 2.0.10 has a buffer error vulnerability. The vulnerability is caused by the lack of effective processing of large-length text in the software, which leads to a stack buffer overflow. Attackers can send large-size Authentication challenge texts to achieve client-side exploits
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2105",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtl8195am",
"scope": "lt",
"trust": 1.0,
"vendor": "realtek",
"version": "2.0.10"
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "rtl8195am firmware 2.0.10"
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"cve": "CVE-2021-39306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-39306",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-39306",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-39306",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-39306",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-39306",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2203",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-39306",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-39306"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
},
{
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security. Realtek RTL8195AM The device contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Realtek RTL8195AM is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). \nThe Realtek RTL8195AM version before 2.0.10 has a buffer error vulnerability. The vulnerability is caused by the lack of effective processing of large-length text in the software, which leads to a stack buffer overflow. Attackers can send large-size Authentication challenge texts to achieve client-side exploits",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-39306"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
},
{
"db": "VULMON",
"id": "CVE-2021-39306"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-39306",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017048",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2203",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-39306",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-39306"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
},
{
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"id": "VAR-202112-2105",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20833333
},
"last_update_date": "2024-08-14T14:31:28.327000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.realtek.com/en/"
},
{
"title": "Realtek RTL8195AM Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177015"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.realtek.com"
},
{
"trust": 1.7,
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39306"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-39306"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
},
{
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-39306"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
},
{
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-39306"
},
{
"date": "2022-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"date": "2021-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2203"
},
{
"date": "2021-12-22T19:15:11.373000",
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-39306"
},
{
"date": "2022-12-28T03:13:00",
"db": "JVNDB",
"id": "JVNDB-2021-017048"
},
{
"date": "2022-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2203"
},
{
"date": "2022-01-04T18:49:37.060000",
"db": "NVD",
"id": "CVE-2021-39306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Realtek\u00a0RTL8195AM\u00a0 Out-of-bounds write vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017048"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2203"
}
],
"trust": 0.6
}
}
var-202007-1257
Vulnerability from variot
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. plural Realtek The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Realtek RTL8195AM, etc. are all an IoT microcontroller of Taiwan Realtek Semiconductor (Realtek). A buffer error vulnerability exists in many Realtek products. Remote attackers can use this vulnerability to execute arbitrary code on the system with the help of a specially crafted EAPOL-Key packet. The following products and versions are affected: Realtek RTL8195AM before 2.0.6; RTL8711AM before 2.0.6; RTL8711AF before 2.0.6; RTL8710AF before 2.0.6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtl8710af",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8711af",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8711am",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8195am",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
},
{
"model": "rtl8710af",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
},
{
"model": "rtl8711af",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
},
{
"model": "rtl8711am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:realtek:rtl8195am_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:realtek:rtl8710af_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:realtek:rtl8711af_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:realtek:rtl8711am_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
}
]
},
"cve": "CVE-2020-9395",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2020-9395",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007682",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CNVD-2021-18235",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2020-9395",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007682",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9395",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-007682",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-18235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-279",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2\u0027s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. plural Realtek The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Realtek RTL8195AM, etc. are all an IoT microcontroller of Taiwan Realtek Semiconductor (Realtek). \nA buffer error vulnerability exists in many Realtek products. Remote attackers can use this vulnerability to execute arbitrary code on the system with the help of a specially crafted EAPOL-Key packet. The following products and versions are affected: Realtek RTL8195AM before 2.0.6; RTL8711AM before 2.0.6; RTL8711AF before 2.0.6; RTL8710AF before 2.0.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9395"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9395",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18235",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47100",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"id": "VAR-202007-1257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
}
],
"trust": 1.1520833575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
}
]
},
"last_update_date": "2024-11-23T21:35:25.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Realtek IoT/Wi-Fi MCU Solutions",
"trust": 0.8,
"url": "https://www.amebaiot.com/en/security_bulletin/"
},
{
"title": "Patch for Buffer overflow vulnerabilities in many Realtek products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253426"
},
{
"title": "Multiple Realtek Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124304"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014"
},
{
"trust": 2.4,
"url": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09"
},
{
"trust": 1.6,
"url": "https://www.amebaiot.com/en/security_bulletin/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9395"
},
{
"trust": 1.2,
"url": "https://www.amebaiot.com/en/arduino-faq/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9395"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47100"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"date": "2020-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"date": "2020-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"date": "2020-07-06T22:15:11.553000",
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"date": "2020-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"date": "2024-11-21T05:40:33.507000",
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Realtek Classic buffer overflow vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
],
"trust": 0.6
}
}
var-202111-0656
Vulnerability from variot
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame. Realtek RTL8195AM A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Realtek RTL8195AM is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). The Realtek RTL8195AM version before 2.0.10 has a buffer error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0656",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtl8195am",
"scope": "lte",
"trust": 1.0,
"vendor": "realtek",
"version": "2.0.10"
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "rtl8195am firmware 2.0.10"
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"cve": "CVE-2021-43573",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-43573",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43573",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-43573",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43573",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-43573",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1072",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
},
{
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame. Realtek RTL8195AM A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Realtek RTL8195AM is an IoT microcontroller from Taiwan Realtek Semiconductor (Realtek). \nThe Realtek RTL8195AM version before 2.0.10 has a buffer error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43573"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43573",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014875",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1072",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
},
{
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"id": "VAR-202111-0656",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20833333
},
"last_update_date": "2024-11-23T22:33:00.185000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Realtek\u00a0Semiconductor\u00a0Corp",
"trust": 0.8,
"url": "https://www.realtek.com/en/"
},
{
"title": "Realtek RTL8195AM Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169876"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43573"
},
{
"trust": 0.6,
"url": "https://realtek.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
},
{
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
},
{
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"date": "2021-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1072"
},
{
"date": "2021-11-11T04:15:06.470000",
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T05:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-014875"
},
{
"date": "2021-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1072"
},
{
"date": "2024-11-21T06:29:28.120000",
"db": "NVD",
"id": "CVE-2021-43573"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Realtek\u00a0RTL8195AM\u00a0 Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014875"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1072"
}
],
"trust": 0.6
}
}
var-202209-1775
Vulnerability from variot
In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode. Realtek Semiconductor Corp of RTL8195AM There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. The Realtek RTL8195AM is an IoT microcontroller from China's Realtek Corporation. Realtek RTL8195AM 284241d70308ff2519e40afd7b284ba892c730a3 has a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1775",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtl8195am",
"scope": "lt",
"trust": 1.0,
"vendor": "realtek",
"version": "2022-06-20"
},
{
"model": "rtl8195am",
"scope": null,
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": null
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "rtl8195am firmware 2022-06-20"
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"cve": "CVE-2022-34326",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-34326",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-34326",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34326",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-34326",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2811",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2811"
},
{
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode. Realtek Semiconductor Corp of RTL8195AM There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. The Realtek RTL8195AM is an IoT microcontroller from China\u0027s Realtek Corporation. \nRealtek RTL8195AM 284241d70308ff2519e40afd7b284ba892c730a3 has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34326"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2811"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34326",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU98082029",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018120",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2811",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2811"
},
{
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"id": "VAR-202209-1775",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20833333
},
"last_update_date": "2024-08-14T15:16:29.044000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/"
},
{
"trust": 2.4,
"url": "https://www.realtek.com/en"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98082029/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34326"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34326/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2811"
},
{
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2811"
},
{
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"date": "2022-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2811"
},
{
"date": "2022-09-27T23:15:13.977000",
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-18T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2022-018120"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2811"
},
{
"date": "2022-10-15T04:15:10.587000",
"db": "NVD",
"id": "CVE-2022-34326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2811"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Realtek\u00a0Semiconductor\u00a0Corp\u00a0 of \u00a0RTL8195AM\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018120"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2811"
}
],
"trust": 0.6
}
}
CVE-2022-34326 (GCVE-0-2022-34326)
Vulnerability from cvelistv5
Published
2022-09-27 00:00
Modified
2025-05-21 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.realtek.com/en"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:32:05.383005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:32:46.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.realtek.com/en"
},
{
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34326",
"datePublished": "2022-09-27T00:00:00.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2025-05-21T15:32:46.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39306 (GCVE-0-2021-39306)
Vulnerability from cvelistv5
Published
2021-12-22 18:08
Modified
2024-08-04 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.realtek.com | x_refsource_MISC | |
| https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:41.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.realtek.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T18:08:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.realtek.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.realtek.com",
"refsource": "MISC",
"url": "https://www.realtek.com"
},
{
"name": "https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/",
"refsource": "MISC",
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39306",
"datePublished": "2021-12-22T18:08:42",
"dateReserved": "2021-08-20T00:00:00",
"dateUpdated": "2024-08-04T02:06:41.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9395 (GCVE-0-2020-9395)
Vulnerability from cvelistv5
Published
2020-07-06 21:09
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amebaiot.com/en/security_bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2\u0027s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T20:01:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amebaiot.com/en/security_bulletin/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2\u0027s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014",
"refsource": "MISC",
"url": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014"
},
{
"name": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09",
"refsource": "MISC",
"url": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09"
},
{
"name": "https://www.amebaiot.com/en/security_bulletin/",
"refsource": "MISC",
"url": "https://www.amebaiot.com/en/security_bulletin/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9395",
"datePublished": "2020-07-06T21:09:28",
"dateReserved": "2020-02-25T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43573 (GCVE-0-2021-43573)
Vulnerability from cvelistv5
Published
2021-11-11 03:58
Modified
2024-08-04 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T19:21:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/",
"refsource": "MISC",
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43573",
"datePublished": "2021-11-11T03:58:13",
"dateReserved": "2021-11-09T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-12-22 19:15
Modified
2024-11-21 06:19
Severity ?
Summary
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/ | Vendor Advisory | |
| cve@mitre.org | https://www.realtek.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.realtek.com | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | rtl8195am_firmware | * | |
| realtek | rtl8195am | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8195am_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12003CE1-45D4-4F01-826B-32E6BACE742B",
"versionEndExcluding": "2.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8195am:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC12635-46E3-4595-A6AC-BD80F671B9D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security."
},
{
"lang": "es",
"value": "Se ha detectado un desbordamiento del b\u00fafer de la pila en el dispositivo Realtek RTL8195AM versiones anteriores a 2.0.10, se presenta en el c\u00f3digo del cliente cuando un atacante env\u00eda un texto de desaf\u00edo de autenticaci\u00f3n de gran tama\u00f1o en la seguridad WEP"
}
],
"id": "CVE-2021-39306",
"lastModified": "2024-11-21T06:19:11.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-22T19:15:11.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.realtek.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-39306/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.realtek.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-06 22:15
Modified
2024-11-21 05:40
Severity ?
Summary
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | rtl8711af_firmware | * | |
| realtek | rtl8711af | - | |
| realtek | rtl8711am_firmware | * | |
| realtek | rtl8711am | - | |
| realtek | rtl8195am_firmware | * | |
| realtek | rtl8195am | - | |
| realtek | rtl8710af_firmware | * | |
| realtek | rtl8710af | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8711af_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32A612AF-F9E3-463E-B50B-9E8D2CC7532C",
"versionEndExcluding": "2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8711af:-:*:*:*:*:*:*:*",
"matchCriteriaId": "053AC60A-8C11-439F-8B79-5ED1E6EA5099",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8711am_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A97E03-B3BB-438D-9926-1B03287B848B",
"versionEndExcluding": "2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8711am:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3907BD-B150-4676-BBC7-D3DC8B36B6B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8195am_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02B72956-8968-456E-BB7D-654565C1BF1D",
"versionEndExcluding": "2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8195am:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC12635-46E3-4595-A6AC-BD80F671B9D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8710af_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCB0A68-2649-4B6A-BD37-247FB1CFF464",
"versionEndExcluding": "2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8710af:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3159DB54-4177-4E59-A4D8-503B1B105651",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2\u0027s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos Realtek RTL8195AM, RTL8711AM, RTL8711AF y RTL8710AF versiones anteriores a 2.0.6. Se presenta un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el c\u00f3digo del cliente que se encarga del protocolo de enlace de 4 v\u00edas de WPA2 por medio de un paquete EAPOL-Key malformado con un b\u00fafer de datos clave largo"
}
],
"id": "CVE-2020-9395",
"lastModified": "2024-11-21T05:40:33.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-06T22:15:11.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-27 23:15
Modified
2025-05-21 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/ | Third Party Advisory | |
| cve@mitre.org | https://www.realtek.com/en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.realtek.com/en | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | rtl8195am_firmware | * | |
| realtek | rtl8195am | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8195am_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4A2781-948D-4DE2-864B-282F1A44831A",
"versionEndExcluding": "2022-06-20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8195am:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC12635-46E3-4595-A6AC-BD80F671B9D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode."
},
{
"lang": "es",
"value": "En ambiot amb1_sdk (tambi\u00e9n conocido como SDK para Ameba1) antes de 2022-06-20 en dispositivos Realtek RTL8195AM antes de 284241d70308ff2519e40afd7b284ba892c730a3, la tarea del temporizador y la tarea RX se bloqueaban cuando hab\u00eda fallos frecuentes y continuos de conexi\u00f3n Wi-Fi (con handshake de cuatro v\u00edas) en el modo Soft AP"
}
],
"id": "CVE-2022-34326",
"lastModified": "2025-05-21T16:15:26.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-27T23:15:13.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.realtek.com/en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.realtek.com/en"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-11 04:15
Modified
2024-11-21 06:29
Severity ?
Summary
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | rtl8195am_firmware | * | |
| realtek | rtl8195am | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:realtek:rtl8195am_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A397B049-1892-4256-801A-2D7EC130076C",
"versionEndIncluding": "2.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:realtek:rtl8195am:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC12635-46E3-4595-A6AC-BD80F671B9D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame."
},
{
"lang": "es",
"value": "Se ha detectado un desbordamiento del b\u00fafer en los dispositivos Realtek RTL8195AM versiones anteriores a 2.0.10. Se presenta en el c\u00f3digo del cliente cuando se procesa una longitud de IE malformada de la informaci\u00f3n de capacidad HT en la trama de respuesta de Beacon y Association"
}
],
"id": "CVE-2021-43573",
"lastModified": "2024-11-21T06:29:28.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-11T04:15:06.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.amebaiot.com/en/security_bulletin/cve-2021-43573/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}