Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in nearly 200 IoT devices made by at least 65 vendors.
The flaws, which affect Realtek SDK v2.x, Realtek “Jungle” SDK v3./v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek “Luna” SDK up to version 1.3.2, could be abused by attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege:
- CVE-2021-35392 (CVSS score: 8.1) – Heap buffer overflow vulnerability in ‘WiFi Simple Config’ server due to unsafe crafting of SSDP NOTIFY messages
- CVE-2021-35393 (CVSS score: 8.1) – Stack buffer overflow vulnerability in ‘WiFi Simple Config’ server due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header
- CVE-2021-35394 (CVSS score: 9.8) – Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in ‘UDPServer’ MP tool
- CVE-2021-35395 (CVSS score: 9.8) – Multiple buffer overflow vulnerabilities in HTTP web server ‘boa’ due to unsafe copies of some overly long parameters
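Added example (not Realtek's code and not taken from the IoT Inspector report): CVE-2021-35393 above is attributed to unsafe parsing of the UPnP Callback header, and this C sketch shows the defensive pattern of length-checking every field before it is copied into a fixed-size buffer. The buffer limits, the function names and the `<http://host[:port]/path>` value shape handled here are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define CB_HOST_MAX 64    /* assumed limits for this sketch */
#define CB_PATH_MAX 128

/* Copy n bytes only if they fit with the terminator; reject otherwise. */
static int copy_bounded(char *dst, size_t dst_sz, const char *s, size_t n)
{
    if (n == 0 || n >= dst_sz) return -1;   /* never truncate, never overflow */
    memcpy(dst, s, n);
    dst[n] = '\0';
    return 0;
}

/* Parse a Callback value of the form <http://host[:port]/path>.
 * Returns 0 on success, -1 on malformed or oversized input. */
int parse_callback(const char *val, char *host, size_t host_sz,
                   unsigned *port, char *path, size_t path_sz)
{
    static const char scheme[] = "<http://";
    if (strncmp(val, scheme, sizeof scheme - 1) != 0) return -1;
    const char *h = val + sizeof scheme - 1;
    const char *end = strchr(h, '>');
    if (!end) return -1;                    /* unterminated value */
    size_t hlen = strcspn(h, ":/>");        /* host ends at ':', '/' or '>' */
    if (copy_bounded(host, host_sz, h, hlen) != 0) return -1;
    const char *p = h + hlen;
    *port = 80;
    if (*p == ':') {
        char *stop = NULL;
        unsigned long v = isdigit((unsigned char)p[1]) ? strtoul(p + 1, &stop, 10) : 0;
        if (v == 0 || v > 65535) return -1; /* missing or out-of-range port */
        *port = (unsigned)v;
        p = stop;
    }
    if (*p != '/') return -1;               /* path must start before '>' */
    return copy_bounded(path, path_sz, p, (size_t)(end - p));
}

/* Helper for callers and tests: port on success, -1 on rejection. */
long callback_port(const char *val)
{
    char host[CB_HOST_MAX], path[CB_PATH_MAX];
    unsigned port;
    return parse_callback(val, host, sizeof host, &port, path, sizeof path) ? -1 : (long)port;
}
```

Rejecting an oversized field outright, rather than truncating it, keeps the server from acting on a partially parsed callback URL.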
Impacting devices that implement wireless capabilities, the list includes residential gateways, travel routers, WiFi repeaters, IP cameras, smart lighting gateways, and even connected toys from a wide range of manufacturers such as AIgital, ASUSTek, Beeline, Belkin, Buffalo, D-Link, Edimax, Huawei, LG, Logitec, MT-Link, Netis, Netgear, Occtel, PATECH, TCL, Sitecom, ZTE, Zyxel, and Realtek’s own router lineup.
“We got 198 unique fingerprints for devices that answered over UPnP. If we estimate that each device may have sold 5k copies (on average), the total count of affected devices would be close to a million,” researchers said.
While patches have been released for Realtek “Luna” SDK in version 1.3.2a, users of the “Jungle” SDK are advised to backport the fixes provided by the company.
The security issues are said to have remained untouched in Realtek’s codebase for more than a decade, German cybersecurity specialist IoT Inspector, which discovered the weaknesses, said in a report published Monday, three months after disclosing them to Realtek in May 2021.
“On the product vendor’s end, […] manufacturers with access to the Realtek source code […] missed to sufficiently validate their supply chain, [and] left the issues unspotted and distributed the vulnerabilities to hundreds of thousands of end customers, leaving them vulnerable to attacks,” the researchers said.