SOHOpeless Realtek driver vuln hits Wi-Fi routers

SOAP scum dirties D-Link, TRENDnet and maybe more

Hacker kitten

Twenty months of optimism has come to nought, so the Zero Day Initiative has gone public with a vulnerability in the Realtek SDK that's inherited by at least two broadband router vendors.

The vulnerability that the HP-owned TippingPoint initiative discovered, here, is in the SDK's SOAP implementation.

The minigd SOAP service doesn't sanitise user data in NewInternalClient requests, before executing a system call – and that gives remote attackers the chance to execute arbitrary code as root.

It's specific to 802.11 a/b/g and 802.11b controllers from Realtek – which means newer devices aren't on the list.

The vulnerability was turned up by HP's Rick Lawshae, whose Twitter handle is @HeadlessZeke, and who identified D-Link and TRENDnet as vulnerable:

Lawshae suggests this developer Wiki as a resource to suggest which other devices may be vulnerable.

Zero Day says in the absence of a patch, the only viable mitigation strategy is to make sure only trusted systems can communicate with the SOAP service (for example, via firewall rules).

The initiative states that the vulnerability was reported to it in 2013, and in August 2014 it contacted the vendor. ®

Biting the hand that feeds IT © 1998–2018