A new set of critical vulnerabilities have been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications,
“Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module,” researchers from Israeli IoT security firm Vdoo said in a write-up.
The Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications by devices spanning across agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors.
Mitigations: Vdoo said there are no known attacks underway exploiting the vulnerabilities, adding firmware versions released after Jan. 11, 2021 include mitigations that resolve the issue. The company also recommends using a “strong, private WPA2 passphrase” to prevent exploitation of the above issues in scenarios where the device’s firmware can’t be updated.
Source: THN