U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A flaw in Realtek SDK exposes SOHO routers to the attack

A flaw affecting Realtek SDK exposes SOHO routers to remote code execution attacks. List of vulnerable devices include D-Link and TRENDnet products. The security expert from DVLabs security researcher and content developer at HP Enterprise Security Ricky Lawshae discovered a (CVE-2014-8361) vulnerability that affects Realtek SDK used for RTL81xx chipsets. The exploitation of the vulnerability allows a […]

A flaw in Realtek SDK exposes SOHO routers to the attack

A flaw affecting Realtek SDK exposes SOHO routers to remote code execution attacks. List of vulnerable devices include D-Link and TRENDnet products.

The security expert from DVLabs security researcher and content developer at HP Enterprise Security Ricky Lawshae discovered a (CVE-2014-8361) vulnerability that affects Realtek SDK used for RTL81xx chipsets.

The exploitation of the vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on the vulnerable systems with root privileges.

Routers RealTek SDK 2

The expert reported the vulnerability to HP’s Zero-Day Initiative (ZDI) in August 2014, but after a prolonged silence of the company, ZDI decided to disclose the flaw that was rated with a CVSS score of 10.

“The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call,” reads an advisory published by ZDI.

The expert was able to exploit of the flaw on two families of routers, the D-Link and the TRENDnet routers, which used the RTL81xx chipsets, anyway other SOHO devices from other vendors use the same chipset. Lawshae speculates that devices using the miniigb binary from the Realtek SDK are affected by the flaw.

“Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting.” is the mitigation strategy described in the advisory.

Realtek has not released any comment.

Security flaws in SOHO devices are very dangerous because they could be exploited by threat actors for large-scale attacks as happened in March 2014 when researchers at Team Cymru published a detailed report on a large scale SOHO pharming attack that hit more than 300,000 devices worldwide.

Pierluigi Paganini

(Security Affairs – Realtek , SOHO device)