{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T12:11:00.298","vulnerabilities":[{"cve":{"id":"CVE-2020-25855","sourceIdentifier":"vuln@vdoo.com","published":"2021-02-03T17:15:15.043","lastModified":"2024-11-21T05:18:54.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this."},{"lang":"es","value":"La función AES_UnWRAP() en el módulo Wi-Fi Realtek RTL8195A anterior a versiones publicadas en Abril de 2020 (hasta y excluyendo la 2.08), no comprueba el parámetro size para una operación memcpy(), resultando en un desbordamiento del búfer de la pila que puede ser explotado para una ejecución de código remota o una denegación de servicio. Un atacante puede hacerse pasar por un Access Point y atacar a un cliente Wi-Fi vulnerable al inyectar un paquete diseñado en el protocolo de enlace WPA2. El atacante necesita conocer el PSK de la red para explotar esto"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vuln@vdoo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.08","matchCriteriaId":"24D4DC02-E833-483C-885F-9E168E5F8A4C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*","matchCriteriaId":"62A37D39-5134-4AFE-9F59-C8C36A113B04"}]}]}],"references":[{"url":"https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/","source":"vuln@vdoo.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}