Taiwanese chip designer Realtek’s WiFi SDK vulnerability affects millions of IoT devices

Taiwanese chip maker Realtek issued a security advisory saying four security vulnerabilities were found in its software development kit and WiFi module, affecting 200 IoT devices from more than 65 manufacturers.

The four vulnerabilities are:

CVE-2021-35392: Heap buffer overflow vulnerability in WiFi Simple Config server due to insecure construction of SSDP NOTIFY message, CVSS score 8.1.

CVE-2021-35393: Heap buffer overflow vulnerability in WiFi Simple Config server due to insecure handling of UPnP SUBSCRIBE/UNSUBSCRIBE Callback headers, CVSS score 8.1.

CVE-2021-35394: Multiple buffer overflow vulnerability and arbitrary command injection vulnerability in ‘UDPServer’ MP tool, CVSS score 9.8.

CVE-2021-35395: Cache overflow vulnerability in HTTP web server boa caused by insecure duplication of some too long parameters, CVSS score of 9.8.

An attacker exploiting these vulnerabilities could completely hack the target device and execute arbitrary code with the highest privileges.

The vulnerability affects the following versions of the Realtek SDK:

Realtek SDK v2.x;

Realtek “Jungle” SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT;

Realtek “Luna” SDK 1.3.2.

The affected devices are mainly devices that implement wireless functions, including gateways, routers, WiFi repeaters, and IP cameras. Brands affected include AIgital, ASUSTek, Beeline, Belkin, Buffalo, D-Link, Edimax, Huawei, LG, Logitec, MT-Link, Netis, Netgear, Occtel, PATECH, TCL, Sitecom, ZTE, Zyxel, and Realtek’s own routers .

The researchers obtained 198 distinct device fingerprints via UPnP responses, which, assuming an average of 5,000 units per device sold, puts the number of affected devices at about 1 million.

The Links:   LP121X04-B2P2 6DI100A-060