Several Execution Vulnerabilities in Realtek SDK Affect Multiple IoT Devices

Realtek, a leading chip designer in Taiwan, has been informed of four flaws or vulnerabilities in its three SDKs, with Wi-Fi modules that are utilized in 200 products created by over five dozen vendors. These flaws allow remote or unauthenticated attackers to refuse services, inject arbitrary codes or commands, and crash devices.

The first two Wi-Fi configuration vulnerabilities are rated 8.1 in severity term on the scale of CVSS. MP Daemon tool and web interface vulnerabilities are rated as 9.8 on the scale in terms of critical severity. These flaws need an attacker to be on the exact same network as that of the device to carry out successful exploitation. Such bugs can also be misused by malware to hijack someone’s internet router or smart home devices.

In May, IoT Inspector, a Germany-based security firm, revealed the flaws to Realtek and said that over 65 products of hardware markers include the Realtek module, which implements WAP functions and incorporates some vulnerable SDK. The Biz advisory says that the unauthenticated attackers can completely compromise the aimed devices and execute codes with the highest privilege levels by exploiting the vulnerabilities. Almost one million such vulnerable devices might be in use, including wireless routers and VoIP, repeaters, smart lighting, and IP cameras.

IoT inspector MD Florian Lukavsky said that they notified Realtek about the vulnerability and the company immediately responded as well as offered a patch. Manufacturers that are using the vulnerable modules of Wi-Fi are encouraged to scrutinize their devices while offering necessary patches to the customers. It is also important to know that the IoT inspector researchers found out the vulnerabilities through the search engine of Shodan vulnerability. This means even the miscreants can also do it. The vulnerable kits vendors include Belkin, AsusTEK, D-Link, Hama, Edimax, Logitech, and others.

The Team at IoT Inspector said that for making an exploit successful, the attacker is required to remain on the exact same network. However, the ISP configurations that are faulty also expose many vulnerable devices to the global internet. Any successful attack will give all control over wi-Fi modules and root access into the operating system of embedded devices. Among the identified iterations of three SDKs, Realtek SDK v2.x, Realtek Luna, Realtek Jungle were included. The first one is not supported as the SDK has been older by 11 years. For the SDK Jungle, Realtek is currently making fixes, and these will then be backported, as per the IoT Inspector. A patch has been provided to the Luna SDK.

All these fixes require installation by devices through software updates, and Realtek should address the vulnerabilities in the software. People should check the firmware updates and get them deployed if necessary. The Security Outfit says insufficient safe and secure development practices, as well as lacking security code review and testing, have led to many critical security issues. These issues remain quite untouched in the codebase of Realtek for over a decade. The Realtek Company has not yet responded to anything or given any comment.

Credits: For more information about execution flaws in the Realtek SDK, visit the site.