SOHOpeless Realtek driver vuln hits Wi-Fi routers
SOAP scum dirties D-Link, TRENDnet and maybe more
Twenty months of optimism has come to nought, so the Zero Day Initiative has gone public with a vulnerability in the Realtek SDK that's inherited by at least two broadband router vendors.
The vulnerability that the HP-owned TippingPoint initiative discovered, here, is in the SDK's SOAP implementation.
The minigd SOAP service doesn't sanitise user data in NewInternalClient requests, before executing a system call – and that gives remote attackers the chance to execute arbitrary code as root.
It's specific to 802.11 a/b/g and 802.11b controllers from Realtek – which means newer devices aren't on the list.
The vulnerability was turned up by HP's Rick Lawshae, whose Twitter handle is @HeadlessZeke, and who identified D-Link and TRENDnet as vulnerable:
@sviehb Hard to say. I personally reproed in trendnet and d-link, but anything using miniigd binary from the realtek sdk is likely vuln— HeadlessZeke (@HeadlessZeke) April 26, 2015
Lawshae suggests this developer Wiki as a resource to suggest which other devices may be vulnerable.
Zero Day says in the absence of a patch, the only viable mitigation strategy is to make sure only trusted systems can communicate with the SOAP service (for example, via firewall rules).
The initiative states that the vulnerability was reported to it in 2013, and in August 2014 it contacted the vendor. ®