
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices


Taiwanese chip designer Realtek is warning of four security vulnerabilities[1] in three software
development kits (SDKs) accompanying its WiFi modules, which are
used in almost 200 IoT devices made by at least 65 vendors.

The flaws, which affect Realtek SDK v2.x, Realtek “Jungle” SDK
v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek “Luna” SDK up to
version 1.3.2, could be abused by attackers to fully compromise the
target device and execute arbitrary code with the highest level of
privilege —

  • CVE-2021-35392 (CVSS score: 8.1) – Heap buffer
    overflow vulnerability in ‘WiFi Simple Config’ server due to unsafe
    crafting of SSDP NOTIFY messages
  • CVE-2021-35393 (CVSS score: 8.1) – Stack
    buffer overflow vulnerability in ‘WiFi Simple Config’ server due to
    unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback
    header
  • CVE-2021-35394 (CVSS score: 9.8) – Multiple
    buffer overflow vulnerabilities and an arbitrary command injection
    vulnerability in ‘UDPServer’ MP tool
  • CVE-2021-35395 (CVSS score: 9.8) – Multiple
    buffer overflow vulnerabilities in HTTP web server ‘boa’ due to
    unsafe copies of some overly long parameters
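
CVE-2021-35393 above is attributed to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. The following C example is added here for illustration and is not Realtek's code or taken from the advisory: it parses a Callback value of the standard `<http://host[:port]/path>` form into fixed-size fields and rejects anything that does not fit. The struct, the function names and the 64/128-byte limits are assumptions made for this example, and IPv6 literals are not handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CB_HOST_MAX 64   /* assumed limits, chosen for this example */
#define CB_PATH_MAX 128
struct callback_url { char host[CB_HOST_MAX]; unsigned port; char path[CB_PATH_MAX]; };

/* Copy n bytes into dst only if they fit together with the terminator. */
static int bounded_copy(char *dst, size_t cap, const char *src, size_t n)
{
    if (n == 0 || n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "<http://host[:port]/path>"; 0 on success, -1 if malformed or too long. */
int parse_callback(const char *value, struct callback_url *out)
{
    static const char scheme[] = "<http://";
    const char *p, *end, *slash, *colon;
    memset(out, 0, sizeof *out);
    if (strncmp(value, scheme, sizeof scheme - 1) != 0)
        return -1;
    p = value + sizeof scheme - 1;
    end = strchr(p, '>');                 /* URL must be closed by '>' */
    slash = end ? memchr(p, '/', (size_t)(end - p)) : NULL;
    if (slash == NULL)
        return -1;
    colon = memchr(p, ':', (size_t)(slash - p));
    out->port = 80;
    if (colon != NULL) {
        char *stop;
        unsigned long v = strtoul(colon + 1, &stop, 10);
        if (colon[1] < '0' || colon[1] > '9' || stop != slash || v == 0 || v > 65535)
            return -1;
        out->port = (unsigned)v;
    }
    /* Lengths are measured on the input first; nothing is copied unless it fits. */
    if (bounded_copy(out->host, sizeof out->host, p, (size_t)((colon ? colon : slash) - p)) != 0)
        return -1;
    return bounded_copy(out->path, sizeof out->path, slash, (size_t)(end - slash));
}

int main(void)
{
    struct callback_url u;   /* input below is a constructed sample value */
    printf("%d\n", parse_callback("<http://192.168.1.20:49152/evt/1>", &u));
    return 0;
}
```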


The affected devices, all of which implement wireless capabilities,
range from residential gateways, travel routers, WiFi repeaters, and IP
cameras to smart lighting gateways and even connected toys, from a
wide range of manufacturers such as AIgital, ASUSTek, Beeline,
Belkin, Buffalo, D-Link, Edimax, Huawei, LG, Logitec, MT-Link,
Netis, Netgear, Occtel, PATECH, TCL, Sitecom, ZTE, Zyxel, and
Realtek’s own router lineup.


“We got 198 unique fingerprints for devices that answered over
UPnP. If we estimate that each device may have sold 5k copies (on
average), the total count of affected devices would be close to a
million,” researchers said.

While patches have been released for Realtek “Luna” SDK in
version 1.3.2a, users of the “Jungle” SDK are recommended to
backport the fixes provided by the company.

The security issues are said to have remained untouched in
Realtek’s codebase for more than a decade, German cybersecurity
specialist IoT Inspector, which discovered[2]
the weaknesses, said in a report published Monday three months
after disclosing them to Realtek in May 2021.

“On the product vendor’s end, […] manufacturers with access to
the Realtek source code […] missed to sufficiently validate their
supply chain, [and] left the issues unspotted and distributed the
vulnerabilities to hundreds of thousands of end customers — leaving
them vulnerable to attacks,” the researchers said.

References

  1. four security vulnerabilities (www.realtek.com)
  2. discovered (www.iot-inspector.com)
