A brand new set of important vulnerabilities has been disclosed within the Realtek RTL8170C Wi-Fi module that an adversary might abuse to realize elevated privileges on a tool and hijack wi-fi communications.
“Profitable exploitation would result in full management of the Wi-Fi module and potential root entry on the OS (akin to Linux or Android) of the embedded gadget that makes use of this module,” researchers from Israeli IoT safety agency Vdoo said in a write-up revealed yesterday.
The Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform outfitted with peripheral interfaces for constructing a wide range of IoT purposes by units spanning throughout agriculture, automotive, power, healthcare, industrial, safety, and sensible house sectors.
The failings have an effect on all embedded and IoT units that use the element to hook up with Wi-Fi networks and would require an attacker to be on the identical Wi-Fi community because the units that use the RTL8710C module or know the community’s pre-shared key (PSK), which, because the title implies, is a cryptographic secret used to authenticate wi-fi purchasers on native space networks.
The findings observe an earlier analysis in February that discovered comparable weaknesses within the Realtek RTL8195A Wi-Fi module, chief amongst them being a buffer overflow vulnerability (CVE-2020-9395) that allows an attacker within the proximity of an RTL8195 module to fully take over the module with out having to know the Wi-Fi community password.
In the identical vein, the RTL8170C Wi-Fi module’s WPA2 four-way handshake mechanism is susceptible to 2 stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.0) that abuse the attacker’s data of the PSK to acquire distant code execution on WPA2 purchasers that use this Wi-Fi module.
As a possible real-world assault situation, the researchers demonstrated a proof-of-concept (PoC) exploit whereby the attacker masquerades as a reputable entry level and sends a malicious encrypted group temporal key (GTK) to any consumer (aka supplicant) that connects to it through WPA2 protocol. A gaggle temporal secret is used to safe all multicast and broadcast site visitors.
Vdoo stated there aren’t any recognized assaults underway exploiting the vulnerabilities, including firmware variations launched after Jan. 11, 2021 embody mitigations that resolve the problem. The corporate additionally recommends utilizing a “robust, personal WPA2 passphrase” to forestall exploitation of the above points in eventualities the place the gadget’s firmware cannot be up to date.