In February 2021, researchers identified and disclosed six critical vulnerabilities in the Realtek RTL8195A Wi-Fi module, used in many connected devices, and later expanded their analysis to discover two additional vulnerabilities in the Realtek RTL8710C module. These vulnerabilities, which reside in the WPA2 handshake mechanism, can lead to complete control of the Wi-Fi module and potential root access on an embedded device's operating system if exploited. Successful exploitation requires an attacker to be on the same Wi-Fi network or know the network's pre-shared key (PSK). Realtek promptly patched these vulnerabilities, and there is no evidence of them being exploited in the wild. The blog post details the technical aspects of these vulnerabilities, including stack-based buffer overflows, and highlights the automated methods used for their detection. The vulnerabilities affect various industries, including agriculture, automotive, and healthcare, as the RTL8710C module is a cost-effective alternative to other Wi-Fi modules like the ESP8266. It emphasizes the importance of updating firmware to versions built after January 11, 2021, or applying strong WPA2 passphrases to mitigate the risks.