Filtered by vendor Realtek
Subscribe
Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21742 | 1 Realtek | 14 Rtl8152b, Rtl8152b Firmware, Rtl8153 and 11 more | 2024-11-21 | 3.3 LOW | 6.2 MEDIUM |
| Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services. | |||||
| CVE-2021-43573 | 1 Realtek | 2 Rtl8195am, Rtl8195am Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame. | |||||
| CVE-2021-39306 | 1 Realtek | 2 Rtl8195am, Rtl8195am Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security. | |||||
| CVE-2021-36925 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-36924 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-36923 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-36922 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | |||||
| CVE-2021-35393 | 1 Realtek | 1 Realtek Jungle Sdk | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device. | |||||
| CVE-2021-35392 | 1 Realtek | 1 Jungle Sdk | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header. | |||||
| CVE-2021-32537 | 1 Realtek | 1 Hda Driver | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. | |||||
| CVE-2021-27372 | 1 Realtek | 2 Xpon Rtl9601d, Xpon Rtl9601d Software Development Kit | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. | |||||
| CVE-2020-9395 | 1 Realtek | 8 Rtl8195am, Rtl8195am Firmware, Rtl8710af and 5 more | 2024-11-21 | 4.9 MEDIUM | 8.0 HIGH |
| An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. | |||||
| CVE-2020-27302 | 1 Realtek | 4 Rtl8195a, Rtl8195a Firmware, Rtl8710c and 1 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake. | |||||
| CVE-2020-27301 | 1 Realtek | 4 Rtl8195a, Rtl8195a Firmware, Rtl8710c and 1 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake. | |||||
| CVE-2020-26652 | 1 Realtek | 2 Rtl8812au, Rtl8812au Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | |||||
| CVE-2020-25857 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK. | |||||
| CVE-2020-25856 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. | |||||
| CVE-2020-25855 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. | |||||
| CVE-2020-25854 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. | |||||
| CVE-2020-25853 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK. | |||||