August 17, 2022
Critical Realtek RCE Vulnerability Affecting Various Networking Devices Exploited in The Wild
Researchers released an exploit for a critical zero-click RCE vulnerability affecting networking devices using Realtek’s system on a chip (SoC).
A remote attacker might use it to compromise vulnerable devices without requiring authentication or user interaction.
The vulnerability was disclosed in March 25,2022 but has been exploited in the wild only recently.
- CVE-2022-27255, Critical (CVSS 3.1 : 9.8, Critical) – stack-based buffer overflow vulnerability, allowing remote attackers to execute code without authentication by using specially crafted SIP packets with malicious SDP data.
It should be noted that even if remote management features are disabled, a remote attacker could compromise the device.
- rtl819x-eCos-v0.x series
- rtl819x-eCos-v1.x series
While it is unclear how many networking devices contain RTL819x chips, the RTL819xD version of the SoC was found in products from over 60 vendors. ASUSTek, Belkin, Buffalo, D-Link, Edimax, TRENDnet, and Zyxel are among them.
CYREBRO recommends checking whether networking equipment is vulnerable and install a firmware update from the vendor released after March, if available.
References: Realtek Advisory