A group of security researchers has detected critical bugs affecting the Realtek Wi-Fi module . This is something that can put users at risk. We are used to seeing vulnerabilities that affect our computers. They can especially damage the proper functioning and security of those devices that are connected to the network. It is very important that we correct these problems as soon as possible. We are going to explain what this failure consists of.
Security flaws found in a Realtek Wi-Fi module
It specifically affects the Realtek RTL8170C Wi-Fi module . There are several critical errors that have been detected and could be exploited to achieve elevated privileges on a device and later affect wireless connections. They could seriously jeopardize the privacy of users.
Basically we can say that an attacker who manages to exploit these vulnerabilities would have full control of this Wi-Fi module, as if he were a system administrator. It must be taken into account that this module is widely used in IoT devices, something that is increasingly present in our day to day. It is widely used in very varied sectors such as agriculture, health, energy, security and also for homes of domestic users.
These failures, as indicated by the researchers behind this discovery, affect all kinds of embedded devices and what is known as the Internet of Things that use this component to connect to Wi-Fi networks.
A requirement to be able to exploit these vulnerabilities is that the attacker is on the same wireless network or that they know the pre-shared network key or PSK.
Two of these vulnerabilities have been registered as CVE-2020-27301 and CVE-2020-27302 and have received a CVSS score of 8. They are based on the fact that the attacker knows the PSK key and can carry out remote code execution on WPA clients -2 that use that module.
Proof of concept and vulnerabilities fixed
The researchers conducted a test in which an attacker impersonated a legitimate access point and sent a malicious temporary key to a client connecting via the WPA-2 protocol .
It should be mentioned that they have already released firmware updates to correct these problems. Once again we can see the importance of having all the devices, systems and programs correctly updated. Only in this way can we avoid being victims of attacks that may be based on the exploitation of security flaws that are present. You always have to avoid problems with the network adapter.
In this case we have seen a series of bugs that affect the Realtek Wi-Fi module. However, these vulnerabilities can affect many of our devices connected to the network. They could put at risk the router, a computer, smart plug, Wi-Fi repeater … We must always make sure that we have the latest versions available installed. We already explained why it is important to update the network card. It is one more step not only to achieve the best possible performance, but also to avoid security problems that may affect us in our day to day life. From this article we always recommend checking that we have the latest versions.