Taiwanese manufacturer Realtek has warned of four vulnerabilities found in three SDKs for Wi-Fi modules. These modules are used in nearly 200 IoT device models from at least 65 manufacturers.
Discovered flaws affect Realtek SDK v2.x, Realtek Jungle SDK v3.0, v3.1, v3.2, v3.4.x, v3.4T, v3.4T-CT, as well as Realtek Luna SDK up to version 1.3. 2. These bugs could be used to completely compromise the target device and execute arbitrary code with the highest privilege level.The following vulnerabilities were found in the listed SDKs:
- CVE-2021-35392 (CVSS score: 8.1): Heap buffer overflow on WiFi Simple Config server due to insecure SSDP NOTIFY messages.
- CVE-2021-35393 (CVSS score: 8.1): Stack buffer overflow on WiFi Simple Config server due to insecure parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header.
- CVE-2021-35394 (CVSS score: 9.8): Multiple buffer overflow vulnerabilities as well as arbitrary command injection vulnerability in MP UDPServer.
- CVE-2021-35395 (CVSS score: 9.8): Multiple HTTP boa web server buffer overflow vulnerabilities.
These problems can pose a threat to many devices that are using the company’s Wi-Fi modules.
The list of devices includes: travel routers, Wi-Fi repeaters, IP cameras for lightning gateways, smart toys and other devices such as AIgital, ASUSTek, Beeline, Belkin, Buffalo, D-Link, Edimax, Huawei, LG, Logitec, MT-Link, Netis, Netgear, Occtel, PATECH, TCL, Sitecom, TCL, ZTE, Zyxel, as well as Realtek’s own line of routers.
German company IoT Inspector researcher, who discovered the bugs, write that the total number of vulnerable devices is close to or exceeds a million, since on average about 5,000 copies of each vulnerable device were sold. A list of problematic gadgets can be found on the company’s blog.
Discovered issues are reported to have been present in the Realtek codebase for over a decade. Currently, the vulnerabilities have been fixed, but whether the patches will reach the end devices and how quickly it will happen is anyone’s guess.
Recall that we also talked about the fact that Hundreds of millions of IoT devices at risk due to Ripple20 vulnerabilities.
RELATED: Our recent article on importance of quick change of default passwords on IoT devices.