CVE-2020-27301

HIGH

Realtek RTL8710 and RTL8195A Firmware - Remote Code Execution via AES_UnWRAP Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27301. PoCs published by chertoGUN.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-27301, a vulnerability in hostapd. The exploit demonstrates a rogue AP attack, leveraging modified hostapd code to exploit the vulnerability.

Description

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

Exploits (1)

nomisec WORKING POC 1 stars

by chertoGUN · poc

https://github.com/chertoGUN/CVE-2020-27301-hostapd

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2020-27301, a vulnerability in hostapd. The exploit demonstrates a rogue AP attack, leveraging modified hostapd code to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: hostapd (version not explicitly specified, but likely affects versions prior to the fix)

No auth needed

Prerequisites: Linux environment with wireless interface · libnl-genl-3-dev, libssl-dev, libsqlite3-dev, libgnutls28-dev

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day

Scores

CVSS v3 8.0

EPSS 0.0199

EPSS Percentile 78.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (2)

realtek/rtl8195a_firmware

realtek/rtl8710c_firmware

Published Jun 04, 2021

Tracked Since Feb 18, 2026