Security News > 2022 > August > Exploit out for critical Realtek flaw affecting many networking devices
Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip, which are estimated to be in the millions.
The flaw is identified as CVE-2022-27255 and a remote attacker could exploit it to compromise vulnerable devices from various original equipment manufacturers, ranging from routers and access points to signal repeaters.
The four researchers from Faraday Security have developed proof-of-concept exploit code for CVE-2022-27255 that works on Nexxt Nebula 300 Plus routers.
Despite a patch being available since March, Ullrich warns that the vulnerability affects "Many of devices" and that a fix is unlikely to propagate to all devices.
Devices using firmware built around the Realtek eCOS SDK before March 2022 are vulnerable.
Attackers may use a single UDP packet to an arbitrary port to exploit the vulnerability.
News URL
Related news
- New critical Microsoft Outlook RCE bug is trivial to exploit (source)
- Hackers exploit critical RCE flaw in Bricks WordPress site builder (source)
- ScreenConnect critical bug now under attack as exploit code emerges (source)
- Exploit available for new critical TeamCity auth bypass bug, patch now (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-01 | CVE-2022-27255 | Improper Input Validation vulnerability in Realtek Ecos Msdk Firmware and Ecos Rsdk Firmware In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. | 9.8 |