RealTek SDK Introduces Vulnerability In Some Routers
jones_supa writes: SOHO routers from manufacturers including at least Trendnet and D-Link allow attackers anywhere in the world to execute malicious code on the devices, according to a security advisory issued over the weekend. The remote command-injection vulnerability resides in the "miniigd SOAP service" as implemented by the RealTek SDK. Before someone asks, there is no comprehensive list of manufacturers or models that are affected. Nerds may be able to spot them by using the Metasploit framework to query their router. If the response contains "RealTek/v1.3" or similar, the device is likely vulnerable. For now, the vulnerable routers should be restricted to communicate only with trusted devices. HP's Zero Day Initiative reported the bug confidentially to RealTek in August 2013, but the issue was disclosed 20 months later as no fix has been provided.
Sounds like a good policy anyway. (Score:3)
should be restricted to communicate only with trusted devices
Sounds like a good policy anyway.
I knew it! (Score:1)
You can't trust "realtek", they are everywhere yet none of their products are worth a dime.
Fritz!Box (Score:2)
And I knew it was a good idea to go for AVM [avm.de]'s Fritz!Box-es...
(regular updates even for old models, no market segmentation where models only differ by firmware, trying to cram as many features into one model as possible instead of launching 20 subtly different models, etc.)
Er. 201*4*, no? (Score:3, Interesting)
TFA says 2014, not 2013. And thus, not 20 months later.
Re: (Score:2)
And what about when the router you use is an all-in-one provided by your ISP and you don't get a say in which one you use?
Like cable companies that provide a cable modem/router and don't give you any choice but to use theirs.
Or things like Verizon FiOS or AT&T U-Verse where they provide the same (modem/router in the one box)
Re: (Score:2)
And what about when the router you use is an all-in-one provided by your ISP and you don't get a say in which one you use?
Like cable companies that provide a cable modem/router and don't give you any choice but to use theirs.
Or things like Verizon FiOS or AT&T U-Verse where they provide the same (modem/router in the one box)
So far, in my experience, cloning a PC's MAC address to your own router's WLAN port has worked for me and for friends of mine. And since my router (as well as most of the PCs in my house) is running a version of Linux, I can truthfully say I'm running Linux.
Re: (Score:2)
It looks like this issue only affects routers running some version of Linux, since miniigd is an application designed to run on Linux.
Here's a copy of its start-up script:
https://github.com/KrabbyPatty... [github.com]
Re: (Score:2)
If you're o
Re: (Score:2)
Put your firewall behind their router?
Yes, you have to use theirs to connect to the network .. but then you don't trust it and use your own.
Or, will that not work for you?
Because there's no way in hell I'd plug my PC directly into a router provided by my ISP. No fucking way. I trust neither them nor their security.
Hell, I'm not even on the same router/wifi network as my wife, we both have a router connected to the ISP's router.
It's just a device which gets a DHCP address, isn't it?
Or maybe support an Open Source option? (Score:3)
You could do that, or you could buy a router pre-configured with OSS from the factory. [thinkpenguin.com] It's not even expensive at ~ $50.
I bought a similar model about a year ago, and its large antennas and decent range/speed make it the best router I've yet had. If it's not even more expensive, why not support a vendor that supports (more) secure, Open Source solutions?
I have no relationship with this vendor other than being a happy customer.
Re: (Score:2)
By spec, wireless N, up to 300 Mbit.
In practice, I've gone through 4 different routers, and so far, this one has come out on top. It has two decent antennas which may be some of that difference, to be fair.
My house was (over)built in the 1970s with 3/4" sheet rock, making each room almost like a Faraday cage - getting wifi signal *at all* from two rooms over is spotty at best. In my bedroom (2 doors away from the hotspot) I see about 15-20 Mbits, but in the same room I see up to ~ 40 Mbits for torrents. (50
Re: (Score:2)
Interesting idea, but the hardware spec for that device is so lacking in basic facilities that it will probably be a non-starter for a lot of people.
Re: (Score:2)
You could do that, or you could buy a router pre-configured with OSS from the factory. It's not even expensive at ~ $50.
They don't seem to offer a model with GigE. That's an abject failure, today. Anything contemporary and not heinously expensive?
FWIW, I'm using a C2D PC with 1xGigE, and a QFE card for routing and some ethernet ports, and 5-port switches on both the GigE and 100Mbps segments, then a Mikrotik Routerboard (411, IIRC) running OpenWRT to handle the WiFi. The total cost is somewhere around $120, but it does dramatically more...
Re: (Score:2)
why not support a vendor that supports ... Open Source solutions?
Because open source software sucks balls?
Isn't that a feature ? :)
Why are they allowed to get away with this? (Score:2)
It's even worse, because unlike a lot of other gear, they can actually fix the problem in the field. They don't have to do a physical recall like car companies do. What they need is remote update features.
I think i
Re: (Score:3)
Liability belongs with the ones making a profit from it, Anonymous Idiot.
Re: (Score:2)
Buy it as a consumer and leverage the consumer rights you are granted by your local laws. They're usually something along the lines of fit for purpose and of acceptable quality. Retailers usually must provide remedy, replacement or refunds.
Not a bug. Won't fix. (Score:1)
This is our hardware. We made it, we're going to have a backdoor into it.