var-202007-1257
Vulnerability from variot
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. plural Realtek The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Realtek RTL8195AM, etc. are all an IoT microcontroller of Taiwan Realtek Semiconductor (Realtek). A buffer error vulnerability exists in many Realtek products. Remote attackers can use this vulnerability to execute arbitrary code on the system with the help of a specially crafted EAPOL-Key packet. The following products and versions are affected: Realtek RTL8195AM before 2.0.6; RTL8711AM before 2.0.6; RTL8711AF before 2.0.6; RTL8710AF before 2.0.6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtl8710af",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8711af",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8711am",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8195am",
"scope": "lt",
"trust": 1.6,
"vendor": "realtek",
"version": "2.0.6"
},
{
"model": "rtl8195am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
},
{
"model": "rtl8710af",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
},
{
"model": "rtl8711af",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
},
{
"model": "rtl8711am",
"scope": "eq",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "2.0.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:realtek:rtl8195am_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:realtek:rtl8710af_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:realtek:rtl8711af_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:realtek:rtl8711am_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
}
]
},
"cve": "CVE-2020-9395",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2020-9395",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007682",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CNVD-2021-18235",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2020-9395",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007682",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9395",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-007682",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-18235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-279",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2\u0027s 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. plural Realtek The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Realtek RTL8195AM, etc. are all an IoT microcontroller of Taiwan Realtek Semiconductor (Realtek). \nA buffer error vulnerability exists in many Realtek products. Remote attackers can use this vulnerability to execute arbitrary code on the system with the help of a specially crafted EAPOL-Key packet. The following products and versions are affected: Realtek RTL8195AM before 2.0.6; RTL8711AM before 2.0.6; RTL8711AF before 2.0.6; RTL8710AF before 2.0.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9395"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9395",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18235",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47100",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"id": "VAR-202007-1257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
}
],
"trust": 1.1520833575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
}
]
},
"last_update_date": "2024-11-23T21:35:25.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Realtek IoT/Wi-Fi MCU Solutions",
"trust": 0.8,
"url": "https://www.amebaiot.com/en/security_bulletin/"
},
{
"title": "Patch for Buffer overflow vulnerabilities in many Realtek products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253426"
},
{
"title": "Multiple Realtek Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124304"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/ambiot/amb1_arduino/commit/dcea55cf9775a0166805b3db845b237ecd5e74ea#diff-d06e7a87f34cc464a56799a419033014"
},
{
"trust": 2.4,
"url": "https://github.com/ambiot/amb1_sdk/commit/bc5173d5d4faf6829074b0f1e1b242c12b7777a3#diff-700c216fb376666eaeda0c892e8bdc09"
},
{
"trust": 1.6,
"url": "https://www.amebaiot.com/en/security_bulletin/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9395"
},
{
"trust": 1.2,
"url": "https://www.amebaiot.com/en/arduino-faq/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9395"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47100"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"date": "2020-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"date": "2020-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"date": "2020-07-06T22:15:11.553000",
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18235"
},
{
"date": "2020-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007682"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-279"
},
{
"date": "2024-11-21T05:40:33.507000",
"db": "NVD",
"id": "CVE-2020-9395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Realtek Classic buffer overflow vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007682"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-279"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…