
RealTek SDK Introduces Vulnerability In Some Routers

jones_supa writes: SOHO routers from manufacturers including at least Trendnet and D-Link allow attackers anywhere in the world to execute malicious code on the devices, according to a security advisory issued over the weekend. The remote command-injection vulnerability resides in the "miniigd SOAP service" as implemented by the RealTek SDK. Before someone asks, there is no comprehensive list of manufacturers or models that are affected. Nerds may be able to spot them by using the Metasploit framework to query their router. If the response contains "RealTek/v1.3" or similar, the device is likely vulnerable. For now, the vulnerable routers should be restricted to communicate only with trusted devices. HP's Zero Day Initiative reported the bug confidentially to RealTek in August 2013, but the issue was disclosed 20 months later as no fix has been provided.
  • should be restricted to communicate only with trusted devices

    Sounds like a good policy anyway.

  • by Anonymous Coward

    You can't trust "realtek", they are everywhere yet none of their products are worth a dime.

    • And I knew it was a good idea to go for AVM [avm.de]'s Fritz!Box-es...

      (regular updates even for old models, no market segmentation where models only differ by firmware, trying to cram as many features in one model as possible instead of launching 20 subtly different models, etc.)

  • Er. 201*4*, no? (Score:3, Interesting)

    by seebs ( 15766 ) on Tuesday April 28, 2015 @07:03PM (#49573643) Homepage

    TFA says 2014, not 2013. And thus, not 20 months later.

  • Suppose you bought a kitchen appliance and under a particular set of conditions it fried all the wiring in your house, and perhaps caused it to burn down. There would be a recall, and a lot of civil litigation. Why are electronic equipment manufacturers allowed to get away with this kind of crap?

    It's even worse, because unlike a lot of other gear, they can actually fix the problem in the field. They don't have to do a physical recall like car companies do. What they need is remote update features.

    I think i

    • Buy it as a consumer and leverage the consumer rights you are granted by your local laws. They're usually something along the lines of fit for purpose and of acceptable quality. Retailers usually must provide remedy, replacement or refunds.

  • by Anonymous Coward

    This is our hardware. We made it, we're going to have a backdoor into it.
