[MART] - Daily Diary #573 - Realtek SDK Vulnerability Affects Router Vendors

ctas-mat at appgate.com ctas-mat at appgate.com
Fri Aug 12 19:53:34 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

08/12/2022 - Diary entry #573:

In March this year, a high-severity vulnerability was disclosed affecting the eCos SDK, made by Realtek, impacting routers of many vendors. The vulnerability was already fixed, but since it is the vendor’s responsibility to ensure that the patch is distributed to end-user devices, there are still lots of vendors using the vulnerable SDK.

Tracked as CVE-2022-27255, it relies on a buffer overflow vulnerability due to insufficient validation on the received buffer handled by the “SIP ALG“ module. By crafting SIP packets, an adversary can exploit the flaw remotely, via a WAN interface, causing a crash (Denial of Service / DoS) or Remote Code Execution (RCE).

As of today, there are almost 20 vendors that use the vulnerable SDK in their products, including Tenda, Nexxt, Intelbras, and D-Link. Researches also show that there are over 60,000 vulnerable routers exposed on the internet.

We recommend any organization using the affected products to patch them if possible (if not, replace them) and to monitor suspicious activity related to SIP packets on the network.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220812/a13ca64a/attachment.htm>

More information about the MART mailing list