VYPR
Unrated severity · NVD Advisory · Published Sep 27, 2022 · Updated May 21, 2025

CVE-2022-34326

Description

In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Realtek RTL8195AM devices using amb1_sdk before 2022-06-20, frequent four-way handshake failures in Soft AP mode cause a deadlock between the timer task and RX task.

Vulnerability

In the amb1_sdk (SDK for Ameba1) used on Realtek RTL8195AM devices, SDK versions before commit 284241d70308ff2519e40afd7b284ba892c730a3 (2022-06-20) can deadlock the timer task and the RX task when the device operates in Soft AP mode. Specifically, when a Wi-Fi client repeatedly initiates and fails the four-way handshake (e.g., due to incorrect credentials), the lock contention becomes permanent, preventing both tasks from proceeding. The code path is reachable by any legitimate Wi-Fi client within range that attempts to connect to the Soft AP with incorrect authentication information. [2]

Exploitation

An attacker only needs to be in Wi-Fi range of a vulnerable device configured as a Soft AP. No prior authentication is required. The attacker (or a legitimate client with wrong credentials) repeatedly sends connection attempts that fail the four-way handshake. This sequence of frequent and continuous failures triggers the lock condition. No additional privileges or user interaction on the device side are needed beyond the Soft AP being active and accepting connection attempts. [2]

Impact

Successful exploitation results in a denial of service (DoS) of the device's Wi-Fi functionality. The timer task and RX task become permanently locked, preventing the device from handling any further Wi-Fi frames, including legitimate connection attempts or data traffic. The device may become unresponsive until a power cycle. There is no indication of code execution, information disclosure, or privilege escalation; the impact is limited to availability (CIA: availability loss). [2]

Mitigation

The issue is fixed in the amb1_sdk as of commit 284241d70308ff2519e40afd7b284ba892c730a3, dated 2022-06-20. Users should update their SDK to this version or later. No additional workarounds are mentioned in the available references. The affected Realtek RTL8195AM devices are not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date. [2]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

2
