A brand new set of vital vulnerabilities has been disclosed within the Realtek RTL8170C Wi-Fi module that an adversary may abuse to achieve elevated privileges on a tool and hijack wi-fi communications.
“Profitable exploitation would result in full management of the Wi-Fi module and potential root entry on the OS (resembling Linux or Android) of the embedded gadget that makes use of this module,” researchers from Israeli IoT safety agency Vdoo said in a write-up printed yesterday.
The Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform outfitted with peripheral interfaces for constructing quite a lot of IoT purposes by gadgets spanning throughout agriculture, automotive, vitality, healthcare, industrial, safety, and good residence sectors.
The issues have an effect on all embedded and IoT gadgets that use the part to hook up with Wi-Fi networks and would require an attacker to be on the identical Wi-Fi community because the gadgets that use the RTL8710C module or know the community’s pre-shared key (PSK), which, because the identify implies, is a cryptographic secret used to authenticate wi-fi purchasers on native space networks.
The findings observe an earlier analysis in February that discovered related weaknesses within the Realtek RTL8195A Wi-Fi module, chief amongst them being a buffer overflow vulnerability (CVE-2020-9395) that allows an attacker within the proximity of an RTL8195 module to fully take over the module with out having to know the Wi-Fi community password.
In the identical vein, the RTL8170C Wi-Fi module’s WPA2 four-way handshake mechanism is susceptible to 2 stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.0) that abuse the attacker’s data of the PSK to acquire distant code execution on WPA2 purchasers that use this Wi-Fi module.
As a possible real-world assault state of affairs, the researchers demonstrated a proof-of-concept (PoC) exploit whereby the attacker masquerades as a official entry level and sends a malicious encrypted group temporal key (GTK) to any shopper (aka supplicant) that connects to it through WPA2 protocol. A gaggle temporal secret’s used to safe all multicast and broadcast site visitors.
Vdoo stated there aren’t any identified assaults underway exploiting the vulnerabilities, including firmware variations launched after Jan. 11, 2021 embody mitigations that resolve the difficulty. The corporate additionally recommends utilizing a “robust, personal WPA2 passphrase” to stop exploitation of the above points in eventualities the place the gadget’s firmware cannot be up to date.