A new set of essential vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to attain elevated privileges on a system and hijack wireless communications.
“Effective exploitation would guide to finish command of the Wi-Fi module and possible root entry on the OS (this kind of as Linux or Android) of the embedded gadget that uses this module,” researchers from Israeli IoT stability business Vdoo reported in a generate-up published yesterday.
The Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for developing a range of IoT apps by units spanning throughout agriculture, automotive, electricity, health care, industrial, security, and good residence sectors.
The flaws have an affect on all embedded and IoT units that use the ingredient to connect to Wi-Fi networks and would need an attacker to be on the very same Wi-Fi network as the units that use the RTL8710C module or know the network’s pre-shared key (PSK), which, as the title indicates, is a cryptographic secret applied to authenticate wi-fi clients on regional place networks.
The findings comply with an earlier examination in February that observed very similar weaknesses in the Realtek RTL8195A Wi-Fi module, chief amongst them getting a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to wholly take in excess of the module devoid of obtaining to know the Wi-Fi network password.
In the exact same vein, the RTL8170C Wi-Fi module’s WPA2 four-way handshake system is vulnerable to two stack-centered buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.) that abuse the attacker’s awareness of the PSK to attain distant code execution on WPA2 customers that use this Wi-Fi module.
As a probable real-world assault scenario, the scientists demonstrated a proof-of-idea (PoC) exploit wherein the attacker masquerades as a legit obtain point and sends a destructive encrypted group temporal crucial (GTK) to any customer (aka supplicant) that connects to it by way of WPA2 protocol. A team temporal crucial is made use of to safe all multicast and broadcast website traffic.
Vdoo stated there are no known attacks underway exploiting the vulnerabilities, adding firmware variations launched just after Jan. 11, 2021 consist of mitigations that take care of the difficulty. The business also suggests using a “potent, non-public WPA2 passphrase” to stop exploitation of the above problems in scenarios where the device’s firmware cannot be updated.