A security flaw by semiconductor giant Realtek affects millions of IoT (Internet of Things) devices with Wi-Fi connectivity, including routers, repeaters, IP cameras, smart bulbs, and even toys for kids from a wide variety of brands.
As collected The Hacker News, the vulnerabilities allow an attacker to take the full control of the operating system of the victim’s device. Consequently, by having the highest level of user privileges, you could arbitrarily execute malicious code. To do this, the attackers must be on the same Wi-Fi network.
The vulnerabilities, found in the firmware of the affected devices, exist due to a bug in the development kits (SDKs) used by Realtek clients in almost all parts of the world. Some of the manufacturers hit by the problem are well-known brands such as AsusTEK, Belkin, D-Link, Logitech, and Netgear.
The Realtek problem in more than 47 brands
According to the German IoT Inspector researchers, there are 47 device brands with Realtek Wi-Fi solutions affected by the vulnerabilities. The company has prepared a list of all the vulnerable manufacturers listed below. The specific model affected can be consulted at this link.
- Abocom System Inc.
- AIgital
- Amped Wireless
- Askey
- ASUSTek Computer Inc.
- BEST ONE TECHNOLOGY CO., LTD.
- Beeline
- Belkin
- Buffalo Inc.
- Calix Inc.
- China Mobile Communication Corp.
- Compal Broadband Networks, INC.
- D-Link
- DASAN Networks
- Davolink Inc.
- Edge-core
- Edimax
- Edison
- EnGenius Technologies, Inc.
- ELECOM Co., LTD.
- Esson Technology Inc.
- EZ-NET Ubiquitous Corp.
- IFAD
- Hama
- Hawking Technologies, Inc.
- MT-Link
- Huawei
- IO DATA DEVICE, INC.
- iCotera
- IGD
- LG International
- LINK-NET TECHNOLOGY CO., LTD.
- Logitec
- MMC Technology
- MT-Link
- NetComm Wireless
- Netis
- Netgear
- Nexxt Solutions
- Watch Telecom
- Occtel
- Omega Technology
- PATECH
- PLANEX COMMUNICATIONS INC.
- Planex Communications Corp.
- PLANET Technology
- Realtek
As it is possible to find Realtek vulnerabilities by analyzing the firmware, IoT Inspector has made available a tool that allows to detect faults. Although it is a paid software, it is possible to access a free trial to find out if a device is affected.
Realtek, for its part, has been quick to release security patches for its affected SDKs. However, it has only taken this step only now, but security concerns have been in your code for more than a decade, according to security experts at IoT Inspector.
Now the ball is on the side of brands of Wi-Fi devices, which must release security patches for their affected products. It should be noted that older devices, which cannot be upgraded, will be out of patches and remain vulnerable.