Due to a Realtek SDK weakness, routers from various vendors are exposed to remote assaults
Security experts at Faraday have discovered a critical issue in the eCos SDK created by Taiwanese semiconductor manufacturer Realtek that may make networking devices from various vendors vulnerable to remote attacks. According to reports, the stack-based buffer overflow vulnerability, identified as CVE-2022-27255 and given a high severity rating, has the potential to enable a remote attacker to cause a device using the SDK to crash or run arbitrary code.
The researchers found that the attack can be launched over the WAN link using specially crafted SIP messages. The Realtek eCos SDK is provided to businesses that build routers, access points, and repeaters on RTL819x family SoCs. According to the researchers, the SDK implements the router's core functions, including the web administration interface and the networking stack; vendors build on top of it to add custom functionality and their own branding. Realtek notified customers of the eCos SDK vulnerability in March and told them that a patch was already available.
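The article describes the attack surface (SIP messages arriving on the WAN interface, parsed by firmware code that overflows a stack buffer) without giving the exact trigger condition. The following added example, which is not code from the article, from Faraday, or from Realtek, shows the kind of length-bound check a defender can run over SIP traffic captured at the WAN edge to flag messages with implausibly long header values or SDP body lines, or with a Content-Length that disagrees with the actual body. The thresholds, the sample INVITE and the `example.invalid` addresses are constructed for illustration and are assumptions; they are not the SDK's real buffer sizes or the real CVE-2022-27255 trigger.

```python
"""Length-bound inspector for SIP requests seen on a WAN interface.

Added example, not part of the article. The thresholds below are assumed
values chosen for illustration; a real deployment would tune them to the
SIP/SDP sizes legitimately seen on the network.
"""
import re

MAX_MESSAGE = 4096        # assumed: whole datagram size bound
MAX_HEADER_VALUE = 256    # assumed: bound on any single header value
MAX_SDP_LINE = 128        # assumed: bound on any single SDP body line

# Request line: METHOD SP Request-URI SP SIP/2.0
SIP_REQUEST_RE = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0$")


def inspect_sip(raw: bytes, max_header=MAX_HEADER_VALUE, max_sdp=MAX_SDP_LINE):
    """Return a list of (reason, detail) findings; an empty list means nothing suspicious."""
    findings = []
    if len(raw) > MAX_MESSAGE:
        findings.append(("oversized_message", len(raw)))

    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not SIP_REQUEST_RE.match(lines[0]):
        findings.append(("malformed_request_line", lines[0][:40]))

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            findings.append(("malformed_header", line[:40]))
            continue
        name, value = name.strip().lower(), value.strip()
        headers.setdefault(name, value)
        if len(value) > max_header:
            findings.append(("oversized_header", name))

    # A Content-Length that disagrees with the real body length is a classic
    # way to confuse a parser that trusts the declared size.
    declared = headers.get(b"content-length")
    if declared is not None:
        try:
            n = int(declared)
        except ValueError:
            findings.append(("bad_content_length", declared[:20]))
        else:
            if n != len(body):
                findings.append(("content_length_mismatch", (n, len(body))))

    # SDP bodies are line oriented; bound each line on its own.
    for sdp_line in body.split(b"\r\n"):
        if sdp_line and len(sdp_line) > max_sdp:
            findings.append(("oversized_sdp_line", sdp_line[:2]))
    return findings


# Constructed sample traffic (not captured from a real device).
SDP_BODY = (
    b"v=0\r\n"
    b"o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    b"s=-\r\n"
    b"c=IN IP4 192.0.2.10\r\n"
    b"t=0 0\r\n"
    b"m=audio 49170 RTP/AVP 0\r\n"
)


def build_invite(body: bytes) -> bytes:
    """Build a minimal INVITE carrying the given SDP body (constructed sample)."""
    return (
        b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
        b"From: <sip:alice@example.invalid>;tag=1928\r\n"
        b"To: <sip:bob@example.invalid>\r\n"
        b"Call-ID: a84b4c76e66710\r\n"
        b"CSeq: 314159 INVITE\r\n"
        b"Content-Type: application/sdp\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n"
        b"\r\n" + body
    )


BENIGN_INVITE = build_invite(SDP_BODY)
# Same INVITE with one SDP attribute line far beyond the assumed bound.
OVERSIZED_INVITE = build_invite(SDP_BODY + b"a=" + b"x" * 300 + b"\r\n")

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN_INVITE), ("oversized", OVERSIZED_INVITE)):
        print(label, inspect_sip(msg))
```

The check is deliberately coarse: it does not know which field the SDK overflows, it only enforces sizes that well-formed SIP from real phones and PBXs stays within, which is enough to raise an alert or drop the datagram before an embedded parser sees it. An operator who has no need for SIP to reach the router from the WAN side can go further and filter the protocol there outright while waiting for the OEM's firmware update.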
OEMs using the SDK are responsible for ensuring that the fix reaches end-user devices. According to the researchers, a total of 20 companies, including Tenda, Nexxt, Intelbras, and D-Link, are listed as shipping the vulnerable SDK in their products; which other vendors are affected may not yet have been determined. The researchers said that identifying affected OEM devices is difficult because the supply chain is opaque.
Although there is no evidence that the vulnerability has been exploited in the wild, the researchers noted that the large number of potentially attackable devices makes it appealing to malicious actors. Using Shodan, the researchers searched for vulnerable routers and found over 60,000 with admin panels reachable from the Internet. Because the admin panel is not enabled by default, they believe the total number of vulnerable devices is considerably larger.