Critical Realtek RCE Vulnerability Affecting Various Networking Devices Exploited in The Wild

August 17, 2022

Researchers released an exploit for a critical zero-click RCE vulnerability affecting networking devices using Realtek’s system on a chip (SoC).

A remote attacker might use it to compromise vulnerable devices without requiring authentication or user interaction.

The vulnerability was disclosed on March 25, 2022, but has been exploited in the wild only recently.

The Vulnerability

  • CVE-2022-27255 (CVSS 3.1: 9.8, Critical) – a stack-based buffer overflow that allows remote attackers to execute code without authentication by sending specially crafted SIP packets with malicious SDP data.
    Note that a remote attacker could compromise the device even if remote management features are disabled.

Affected Chips

  • rtl819x-eCos-v0.x series
  • rtl819x-eCos-v1.x series

While it is unclear how many networking devices contain RTL819x chips, the RTL819xD version of the SoC was found in products from over 60 vendors. ASUSTek, Belkin, Buffalo, D-Link, Edimax, TRENDnet, and Zyxel are among them.

Mitigation

CYREBRO recommends checking whether networking equipment is vulnerable and installing a firmware update from the vendor released after March, if available.

References: Realtek Advisory
