Security News > 2022 > August > Exploit out for critical Realtek flaw affecting many networking devices

Exploit out for critical Realtek flaw affecting many networking devices
2022-08-16 22:37

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip, which are estimated to be in the millions.

The flaw is identified as CVE-2022-27255 and a remote attacker could exploit it to compromise vulnerable devices from various original equipment manufacturers, ranging from routers and access points to signal repeaters.

The four researchers from Faraday Security have developed proof-of-concept exploit code for CVE-2022-27255 that works on Nexxt Nebula 300 Plus routers.

Despite a patch being available since March, Ullrich warns that the vulnerability affects "Many of devices" and that a fix is unlikely to propagate to all devices.

Devices using firmware built around the Realtek eCOS SDK before March 2022 are vulnerable.

Attackers may use a single UDP packet to an arbitrary port to exploit the vulnerability.


News URL

https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-01 CVE-2022-27255 Improper Input Validation vulnerability in Realtek Ecos Msdk Firmware and Ecos Rsdk Firmware
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow.
network
low complexity
realtek CWE-20
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Realtek 36 3 14 14 5 36