Realtek vulnerabilities compromise hundreds of thousands of routers, IoT devices

Date:
Mon, 16 Aug 2021 15:19:43 +0000

Description:
Researchers reveal multiple vulnerabilities in Realtek binaries that impact devices from virtually all networking vendors.

FULL STORY ======================================================================

Cybersecurity analysts have discovered critical security vulnerabilities in Realtek chips that affect more than 65 hardware manufacturers and a variety
of wireless devices.

The vulnerabilities were uncovered by IoT Inspector, the makers of the firmware security analysis platform of the same name, during an analysis of the binaries packaged as part of the Realtek SDK.

We performed vulnerability research on those binaries and identified more
than a dozen vulnerabilities ranging from command injection to memory corruption affecting UPnP, HTTP (management web interface), and a custom network service from Realtek, explained researchers in a blog post .
TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix
so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

Click here to start the survey in a new window << Check our collection of the best wireless routers Weve also rounded up the best secure routers These are the best firewall apps and services

The vulnerabilities can be exploited remotely by attackers to fully
compromise the vulnerable devices and execute arbitrary code with the highest level of privileges. Supply chain transparency

According to IoT Inspector, Realtek provides the SDK to vendors and manufacturers that use the RTL8xxx system-on-a-chip ( SoC ).

The list of hardware manufacturers affected by the Realtek vulnerabilities includes Asus , Belkin , D-Link, Edimax, Logitech , Netgear, ZTE, and more, and cover an equally wide range of devices, from residential gateways to travel routers , Wi-Fi repeaters , IP cameras , smart lightning gateways and even connected toys.

We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodans scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet, the researchers observed.

Citing recent supply chain attacks such as SolarWinds and Kaseya , the researchers believe the vulnerabilities in the Realtek SDK are a prime
example of how an obscure supply chain can lead to all kinds of attacks.

Florian Lukavsky, MD at IoT Inspector, says the researchers notified Realtek about the vulnerabilities and a patch was issued promptly. Lukavsky urges manufacturers who use the vulnerable Wi-Fi modules to check their devices and provide security patches to their users without delay. These are the best endpoint protection tools



======================================================================
Link to news story: https://www.techradar.com/news/realtek-vulnerability-compromises-hundreds-of-t housands-of-routers-iot-devices/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)