JFrog Security Research

XRAY-194060 - Realtek 8710 WPA2 stack overflow

CVE-2020-27301 | CVSS 8

JFrog Severity: high

Published 2 Jun. 2021 | Last updated 2 Jun. 2021

Stack overflow in Realtek 8710 WPA2 key parsing leads to remote code execution

Realtek Ameba SDK

Ameba SDK (, 7.1d), fixed in 7.1d

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the AES_UnWRAP function when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way handshake.
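The following is an added example, not code from the Ameba SDK or from JFrog: a length check of the kind a supplicant can apply to the Key Data of an EAPOL-Key frame before unwrapping it into a fixed-size buffer. It assumes the standard IEEE 802.11 EAPOL-Key layout with a 16-byte MIC and RFC 3394 key wrap; the function name `wrapped_key_data_plain_len` and the sample frame are hypothetical, and the advisory does not describe the internals of AES_UnWRAP.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EAPOL_KEY_FIXED_LEN   95  /* descriptor type .. Key Data Length, 16-byte MIC */
#define EAPOL_KEY_DATALEN_OFF 93  /* big-endian 16-bit Key Data Length field */
#define KEYWRAP_BLOCK         8   /* RFC 3394 operates on 64-bit blocks */

/* Hypothetical helper: returns the plaintext size that an RFC 3394 unwrap of
 * the frame's Key Data would produce, or -1 if the frame must be dropped.
 * body/body_len: EAPOL-Key body (after the 4-byte 802.1X header).
 * out_cap: size of the buffer that will receive the unwrapped key data. */
int wrapped_key_data_plain_len(const uint8_t *body, size_t body_len, size_t out_cap)
{
    if (body == NULL || body_len < EAPOL_KEY_FIXED_LEN)
        return -1;                               /* truncated header */

    size_t kd_len = ((size_t)body[EAPOL_KEY_DATALEN_OFF] << 8) |
                    body[EAPOL_KEY_DATALEN_OFF + 1];

    if (kd_len > body_len - EAPOL_KEY_FIXED_LEN)
        return -1;                               /* length field exceeds the frame */
    if (kd_len < 3 * KEYWRAP_BLOCK || kd_len % KEYWRAP_BLOCK != 0)
        return -1;                               /* not valid RFC 3394 ciphertext */

    size_t plain_len = kd_len - KEYWRAP_BLOCK;   /* unwrap strips the 8-byte IV block */
    if (plain_len > out_cap)
        return -1;                               /* would overflow the destination */
    return (int)plain_len;
}

int main(void)
{
    uint8_t frame[EAPOL_KEY_FIXED_LEN + 40] = {0}; /* constructed sample body */
    frame[EAPOL_KEY_DATALEN_OFF + 1] = 40;         /* claims 40 bytes of Key Data */
    printf("32-byte buffer: %d\n", wrapped_key_data_plain_len(frame, sizeof frame, 32));
    printf("16-byte buffer: %d\n", wrapped_key_data_plain_len(frame, sizeof frame, 16));
    return 0;
}
```

The check runs before any unwrap call, so a frame whose Key Data Length does not fit the destination is rejected without touching the stack buffer.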

No PoC is supplied for this issue

No vulnerability mitigations are supplied for this issue

(JFrog) WiFi Vulnerabilities Discovered by Automated Zero-Day Analysis