Security News > 2021 > August > Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDK
A large number of IoT systems could be exposed to remote hacker attacks due to serious vulnerabilities found in software development kits provided to device manufacturers by Taiwan-based semiconductor company Realtek.
Firmware security company IoT Inspector said its researchers have identified more than a dozen vulnerabilities in SDKs provided by Realtek to companies that use its RTL8xxx chips.
The security flaws can be exploited to cause a denial of service condition and for command injection, and some of them can be leveraged by remote attackers to take complete control of a targeted device, without requiring authentication.
According to IoT Inspector, an internet search revealed nearly 200 unique types of affected devices from a total of 65 different vendors, including IP cameras, routers, residential gateways, Wi-Fi repeaters, and toys.
The security firm noted that if the impacted vendors sold, on average, 5,000 devices of each affected model, the vulnerabilities would expose nearly one million systems to remote attacks.
Earlier this year, researchers warned that a Wi-Fi module from Realtek had significant vulnerabilities that exposed many devices to remote attacks.