Security News

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. CVE-2021-35394 - Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in 'UDPServer' MP tool.

Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors. Security firm IoT Inspector, based in Bad Homburg, Germany, disclosed the vulnerabilities to Realtek in May, and said more than 65 hardware makers' products incorporate the Realtek RTL819xD module, which implements wireless access point functions and includes one of the vulnerable SDKs. "By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," the biz said in its advisory, estimating - conservatively, we think - that almost a million vulnerable devices may be in use, including VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls.

A large number of IoT systems could be exposed to remote hacker attacks due to serious vulnerabilities found in software development kits provided to device manufacturers by Taiwan-based semiconductor company Realtek. Firmware security company IoT Inspector said its researchers have identified more than a dozen vulnerabilities in SDKs provided by Realtek to companies that use its RTL8xxx chips.

Sectigo announced the addition of the Sectigo Secure Key Storage SDK to its collection of offerings. Sectigo Secure Key Storage: The software-based alternative for IoT devices.

LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps.

Eight vulnerabilities discovered in the Drawings software development kit made by Open Design Alliance impact products from Siemens and likely other vendors. Dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file.

A critical vulnerability discovered in a ThroughTek P2P software development kit used by multiple security camera manufacturers can be exploited to gain remote access to camera feeds. The company says its solutions are used by millions of connected devices.

A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite.

A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite.

A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite.