Researchers Discover a Way to Hack Millions of WiFi Devices

The devices we use every day are always at risk of being exposed to vulnerabilities, since no device is perfect. Most of these bugs can be fixed through an update, but the problem comes when some of those devices have no update mechanism to fix the flaw, and others never receive updates at all.

This is the case with the vulnerabilities discovered by German researchers and confirmed by Realtek itself. The Taiwanese company has announced that there are four vulnerabilities in three of its software development kits (SDKs). The bugs have been detected in Realtek SDK v2.x, Realtek “Jungle” SDK v3.0 / v3.1 / v3.2 / v3.4.x / v3.4T / v3.4T-CT, and Realtek “Luna” up to version 1.3.2.

These flaws allow an attacker to gain full access to the device and execute arbitrary code with the highest level of privileges. The complete list of flaws is as follows:

  • CVE-2021-35392 (CVSS score: 8.1) – Buffer overflow vulnerability in the ‘WiFi Simple Config’ server due to insecure creation of SSDP NOTIFY messages
  • CVE-2021-35393 (CVSS score: 8.1) – Buffer overflow vulnerability in the ‘WiFi Simple Config’ server due to insecure parsing of the UPnP SUBSCRIBE / UNSUBSCRIBE Callback header
  • CVE-2021-35394 (CVSS score: 9.8) – Multiple buffer overflow vulnerabilities and an arbitrary code injection vulnerability in the MP tool ‘UDPServer’
  • CVE-2021-35395 (CVSS score: 9.8) – Multiple buffer overflow vulnerabilities in the HTTP web server due to insecure copies of some overly long parameters
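
As an added illustration of the bug class behind CVE-2021-35393 (this is not code from Realtek's SDK or from the researchers), the following C parser handles a UPnP SUBSCRIBE Callback value of the form `<http://host[:port]/path>` and rejects over-long fields instead of copying them into fixed buffers. The struct, function names, buffer sizes and the sample header value are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct callback_url { char host[64]; char path[128]; int port; }; /* sizes assumed */

/* Copy n bytes into dst only if they fit together with the terminator. */
static int copy_bounded(char *dst, size_t cap, const char *src, size_t n)
{
    if (n == 0 || n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "<http://host[:port]/path>" (hostnames and IPv4 literals only).
 * Returns 0 on success, -1 on malformed or over-long input. */
int parse_callback(const char *value, struct callback_url *out)
{
    static const char prefix[] = "<http://";
    const char *p, *end, *slash, *colon;
    memset(out, 0, sizeof *out);
    out->port = 80;
    if (strncmp(value, prefix, sizeof prefix - 1) != 0)
        return -1;
    p = value + sizeof prefix - 1;
    if ((end = strchr(p, '>')) == NULL || (slash = memchr(p, '/', (size_t)(end - p))) == NULL)
        return -1;
    colon = memchr(p, ':', (size_t)(slash - p));
    if (copy_bounded(out->host, sizeof out->host, p, (size_t)((colon ? colon : slash) - p)))
        return -1;
    if (colon) {
        char *stop;
        long port = strtol(colon + 1, &stop, 10);
        if (colon[1] < '0' || colon[1] > '9' || stop != slash || port < 1 || port > 65535)
            return -1;
        out->port = (int)port;
    }
    return copy_bounded(out->path, sizeof out->path, slash, (size_t)(end - slash));
}

int main(void)
{
    struct callback_url u;
    int rc = parse_callback("<http://192.168.1.10:49152/evt/1>", &u); /* constructed sample */
    printf("rc=%d host=%s port=%d path=%s\n", rc, u.host, u.port, u.path);
    return rc != 0;
}
```
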

Devices from 47 brands affected

Among those affected are all kinds of IoT devices, including gateways, 4G routers, WiFi repeaters, security cameras, smart light bulbs, and even children's toys. Devices from 47 brands are affected. The models are available at this link, and come from the following manufacturers:

  • Abocom System Inc.
  • AIgital
  • Amped Wireless
  • Askey
  • ASUSTek Computer Inc.
  • BEST ONE TECHNOLOGY CO., LTD.
  • Beeline
  • Belkin
  • Buffalo Inc.
  • Calix Inc.
  • China Mobile Communication Corp.
  • Compal Broadband Networks, INC.
  • D-Link
  • DASAN Networks
  • Davolink Inc.
  • Edge-core
  • Edimax
  • Edison
  • EnGenius Technologies, Inc.
  • ELECOM Co., LTD.
  • Esson Technology Inc.
  • EZ-NET Ubiquitous Corp.
  • IFAD
  • Hama
  • Hawking Technologies, Inc.
  • MT-Link
  • Huawei
  • IO DATA DEVICE, INC.
  • iCotera
  • IGD
  • LG International
  • LINK-NET TECHNOLOGY CO., LTD.
  • Logitec
  • MMC Technology
  • MT-Link
  • NetComm Wireless
  • Netis
  • Netgear
  • Nexxt Solutions
  • Watch Telecom
  • Occtel
  • Omega Technology
  • PATECH
  • PLANEX COMMUNICATIONS INC.
  • Planex Communications Corp.
  • PLANET Technology
  • Realtek

The researchers who discovered the vulnerabilities say they detected at least 198 unique devices that responded via UPnP to the requests they sent. Assuming that thousands of units of each of these devices have been sold, these are flaws that affect millions of devices in the hands of users.

The security flaw is fixed in version 1.3.2a of the Luna development kit, while Jungle users will have to apply the patches that the company has published.

These flaws have been present in Realtek’s code for more than a decade, researchers at Germany's IoT Inspector revealed three months after reporting the flaws to Realtek. The researchers criticize the manufacturers, stating that none of them checked the code they were integrating for vulnerabilities like these. All that remains now is for the security patches to reach the affected devices. It can be dangerous to keep using old WiFi devices, for example as repeaters, if they are affected by the flaw and are not going to receive security patches.