A brand new set of essential vulnerabilities has been disclosed within the Realtek RTL8170C Wi-Fi module that an adversary might abuse to realize elevated privileges on a tool and hijack wi-fi communications.
“Profitable exploitation would result in full management of the Wi-Fi module and potential root entry on the OS (resembling Linux or Android) of the embedded machine that makes use of this module,” researchers from Israeli IoT safety agency Vdoo said in a write-up revealed yesterday.
The Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform outfitted with peripheral interfaces for constructing quite a lot of IoT purposes by gadgets spanning throughout agriculture, automotive, power, healthcare, industrial, safety, and sensible dwelling sectors.
The issues have an effect on all embedded and IoT gadgets that use the element to connect with Wi-Fi networks and would require an attacker to be on the identical Wi-Fi community because the gadgets that use the RTL8710C module or know the community’s pre-shared key (PSK), which, because the title implies, is a cryptographic secret used to authenticate wi-fi purchasers on native space networks.
The findings observe an earlier analysis in February that discovered comparable weaknesses within the Realtek RTL8195A Wi-Fi module, chief amongst them being a buffer overflow vulnerability (CVE-2020-9395) that allows an attacker within the proximity of an RTL8195 module to utterly take over the module with out having to know the Wi-Fi community password.
In the identical vein, the RTL8170C Wi-Fi module’s WPA2 four-way handshake mechanism is susceptible to 2 stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.0) that abuse the attacker’s information of the PSK to acquire distant code execution on WPA2 purchasers that use this Wi-Fi module.
As a possible real-world assault state of affairs, the researchers demonstrated a proof-of-concept (PoC) exploit whereby the attacker masquerades as a authentic entry level and sends a malicious encrypted group temporal key (GTK) to any shopper (aka supplicant) that connects to it by way of WPA2 protocol. A gaggle temporal secret is used to safe all multicast and broadcast site visitors.
Vdoo stated there are not any identified assaults underway exploiting the vulnerabilities, including firmware variations launched after Jan. 11, 2021 embody mitigations that resolve the problem. The corporate additionally recommends utilizing a “sturdy, non-public WPA2 passphrase” to forestall exploitation of the above points in eventualities the place the machine’s firmware cannot be up to date.