Millions of IoT Devices are at Risk due to Bugs Found in Realtek Wi-Fi SDK

by Emma Davis
February 7, 2022
Realtek Wi-Fi SDK
Written by Emma Davis

Taiwanese manufacturer Realtek has warned of four vulnerabilities found in three SDKs for Wi-Fi modules. These modules are used in nearly 200 IoT device models from at least 65 manufacturers.

Discovered flaws affect Realtek SDK v2.x, Realtek Jungle SDK v3.0, v3.1, v3.2, v3.4.x, v3.4T, v3.4T-CT, as well as Realtek Luna SDK up to version 1.3. 2. These bugs could be used to completely compromise the target device and execute arbitrary code with the highest privilege level.

The following vulnerabilities were found in the listed SDKs:

  • CVE-2021-35392 (CVSS score: 8.1): Heap buffer overflow on WiFi Simple Config server due to insecure SSDP NOTIFY messages.
  • CVE-2021-35393 (CVSS score: 8.1): Stack buffer overflow on WiFi Simple Config server due to insecure parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header.
  • CVE-2021-35394 (CVSS score: 9.8): Multiple buffer overflow vulnerabilities as well as arbitrary command injection vulnerability in MP UDPServer.
  • CVE-2021-35395 (CVSS score: 9.8): Multiple HTTP boa web server buffer overflow vulnerabilities.

These problems can pose a threat to many devices that are using the company’s Wi-Fi modules.

The list of devices includes: travel routers, Wi-Fi repeaters, IP cameras for lightning gateways, smart toys and other devices such as AIgital, ASUSTek, Beeline, Belkin, Buffalo, D-Link, Edimax, Huawei, LG, Logitec, MT-Link, Netis, Netgear, Occtel, PATECH, TCL, Sitecom, TCL, ZTE, Zyxel, as well as Realtek’s own line of routers.

German company IoT Inspector researcher, who discovered the bugs, write that the total number of vulnerable devices is close to or exceeds a million, since on average about 5,000 copies of each vulnerable device were sold. A list of problematic gadgets can be found on the company’s blog.

Discovered issues are reported to have been present in the Realtek codebase for over a decade. Currently, the vulnerabilities have been fixed, but whether the patches will reach the end devices and how quickly it will happen is anyone’s guess.

Recall that we also talked about the fact that Hundreds of millions of IoT devices at risk due to Ripple20 vulnerabilities.

RELATED: Our recent article on importance of quick change of default passwords on IoT devices.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending