Be very careful if you have a Tenda router, it can be easily hacked

When a vulnerability on some device means an attacker can exploit it to take control, infect it with malware, or steal data. That is what has happened with a new and serious fault detected that affects numerous routers. An attacker can exploit these devices remotely and it affects several brands, so many users are affected.

Many routers affected by a critical vulnerability

This critical security flaw has been logged as CVE-2022-27255 and is present in the chips Realtek RTL819x. This chip is used in many network devices and, once the vulnerability is released, they can be easily attacked. Note that it has received a severity score of 9.8 out of 10.

The vulnerability is a buffer overflow that allows a hypothetical attacker run code remotely without having to authenticate. To do this, it will simply use SIP packets with malicious SDP data.

One of the problems that make this bug more serious is that does not need victim interaction. That is, if the attacker tries to take control of the router, he does not need the user to make any mistake, such as executing a file, opening a link or changing something in the configuration. You will only need the public IP address of the vulnerable device.

This vulnerability was discovered months ago and has already been patched since March. The problem is that it continues to affect millions of devices and it is likely that there are models that do not yet have a solution. That is why it is always essential to have the devices correctly updated, since only then can we correct errors of this type. Now that they have released the vulnerability, it is even more important to update.

Affected Models

Bug CVE-2022-27255 affects Realtek RTL819x and puts at risk many router models. It mainly affects Tenda, but also other brands such as Nexxt, Zyxel or D-Link (a model that is only marketed in Latin America), among others that have also been affected.

Here you can see the complete list of the affected routers and that they have shared on GitHub:

Nexxt Nebula 300 Plus
Tende F6 V5.0
Tenda F3 V3
Tende F9 V2.0
Tenda AC5 V3.0
Tenda AC6 V5.0
Tenda AC7 V4.0
Tenda A9 V3
Tenda AC8 V2.0
Tenda AC10 V3
Tende AC11 V2.0
Tende FH456 V2.0
Zyxel NBG6615 V1.00
Intelbras RF 301K V1.1.15
Multilaser AC1200 RE018
iBall 300M-MIMO (iB-WRB303N)
Brostrend AC1200 Extender
MT-Link MT-WR850N
MT-Link MT-WR950N
Everest EWR-301
D-Link DIR-822 h/w version B (only sold in Latin America)
Speedefy K4
Ultra-Link Wireless N300 Universal Range Extender
KEO KLR 301
QPCOM QP-WR347N
NEXT 504N
Nisuta NS-WIR303N (probably V2)
Rockspace AC2100 Dual Band Wi-Fi Range Extender
KNUP KP-R04
Hikvision DS-3WR12-E

However, the list of affected models is open. That is, it is possible that there are others who are also affected by this vulnerability, but it is not yet known. The fact that they are widely used equipment going to make hackers set their sights here. If you have a model that appears on the list, what you need to do is make sure that you have it updated correctly. In case you have not received patches to solve this problem, unfortunately you will not be able to do anything.

It is important to have the router updated. Sometimes they update themselves. Others, however, you will have to do it manually. The same happens with other devices connected to the network and that can also become vulnerable at any given time. In this case we are facing a security flaw registered as CVE-2022-27255 and that affects the Realtek RTL819x chips, but similar failures can occur at any time and it is convenient to have everything patched.