cve/2020/CVE-2020-27301.md

CVE-2020-27301

Description

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

POC

Reference

• https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
• https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day

Github

• https://github.com/chertoGUN/CVE-2020-27301-hostapd
• https://github.com/khalednassar/CVE-2020-27301-hostapd