Realtek system-on-chips are installed in many devices. Wireless devices from at least 65 manufacturers are affected by a critical vulnerability caused by an SDK bug. WLAN modules, VoIP and wireless routers and repeaters are particularly affected.
Critical vulnerability in Realtek SoCs
The software development kits (SDKs) that Realtek provides to device manufacturers for developing firmware for the wireless SoCs in question contain bugs that result in a critical vulnerability. This has now been discovered by a team of researchers from the company IoT Inspector.
The problem affects devices from around 65 well-known manufacturers, including AsusTEK, Belkin, D-Link, Edimax, Hama, Logitec and Netgear. It mainly occurs with the Realtek RTL8xxx WLAN modules (model numbers: EV-2009-02-06, EV-2010-09-20, EV-2006-07-27, EV-2009-02-06, EV-2010-09-20), RTL8196C (EV-2009-02-06), RTL8186 (EV-2006-07-27) and RTL8671 (EV-2006-07-27, EV-2010-09-20). According to IoT Inspector, VoIP and wireless routers, repeaters, IP cameras and smart lighting controllers from the aforementioned manufacturers are particularly affected.
According to Realtek, the vulnerabilities stem from insufficient validation and unsafe further processing of received data traffic. Under certain conditions, attackers can abuse the vulnerabilities with specially prepared data packets to execute arbitrary program code with the highest possible access rights, and even render the devices unusable by means of a DDoS attack. This is possible both from the same WLAN and via the Internet.
Realtek’s vulnerability security report breaks down the affected SDK features in detail. Detailed explanations of attack possibilities are provided in the blog entry from IoT Inspector, which also includes a full list of affected devices (in the appendix at the end of the post).
SDK updates available to manufacturers
Realtek has already released firmware updates and new SDKs that fix the bug. This means it is now up to manufacturers to follow suit and provide updated, secure firmware versions. This is a problem especially for inexpensive IoT devices, since updates arrive very slowly here, if they are possible at all.
End users, meanwhile, can only additionally secure and protect affected devices or disconnect them from the network completely during the transition.