Security News > 2021 > August > Remote code execution flaws lurk in countless routers, IoT gear, cameras using Realtek Wi-Fi module SDKs

Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors.

Security firm IoT Inspector, based in Bad Homburg, Germany, disclosed the vulnerabilities to Realtek in May, and said more than 65 hardware makers' products incorporate the Realtek RTL819xD module, which implements wireless access point functions and includes one of the vulnerable SDKs. "By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," the biz said in its advisory, estimating - conservatively, we think - that almost a million vulnerable devices may be in use, including VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls.

Manufacturers using vulnerable Wi-Fi modules are strongly encouraged to check their devices and provide security patches to their users.

"Manufacturers using vulnerable Wi-Fi modules are strongly encouraged to check their devices and provide security patches to their users."

Among the three SDK iterations identified - Realtek SDK v2.

For the "Jungle" SDK, Realtek is making its fixes available but these will have to be backported, according to IoT Inspector.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/16/realtek_wifi_sdk_vulnerabilities/