Four bugs affect Realtek chipsets
The popular Wi-Fi chipset maker has reported four vulnerabilities that affect many of its modules. Specifically, they affect Realtek SDK v2.x, Realtek “Jungle” SDK v3.0 / v3.1 / v3.2 / v3.4.x / v3.4T / v3.4T-CT and Realtek “Luna” SDK up to version 1.3.2.
An attacker who managed to exploit these security flaws could completely compromise the affected device and run arbitrary code with all privileges. This puts devices running these chipsets in serious danger.
The flaws are the following:
- CVE-2021-35392: received a score of 8.1. This is a buffer overflow vulnerability in the WiFi Simple Config server due to insecure processing of SSDP NOTIFY messages.
- CVE-2021-35393: the second vulnerability also received a score of 8.1. It also affects the WiFi Simple Config server, this time due to insecure parsing of the UPnP SUBSCRIBE / UNSUBSCRIBE callback header.
- CVE-2021-35394: this vulnerability is more serious, with a score of 9.8. It covers multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in the MP tool ‘UDPServer’.
- CVE-2021-35395: the fourth and final vulnerability also received a score of 9.8. It covers several buffer overflow vulnerabilities in the HTTP web server ‘boa’, caused by insecure copies of some overly long parameters.
Many devices affected by Realtek flaws
Many devices are affected by these four vulnerabilities. They include IoT devices of all kinds, notably IP cameras, Wi-Fi repeaters, portable routers and smart lighting systems, among others.
The security researchers behind this discovery indicate that the flaws affect brands such as AIgital, ASUSTek, Beeline, Belkin, Buffalo, D-Link, Edimax, Huawei, LG, Logitec, MT-Link, Netis, Netgear, Occtel, PATECH, TCL, Sitecom, ZTE, or Zyxel.
The same researchers indicate that in total there may be about a million vulnerable devices around the world. A total of 198 devices are affected, and on average each of them has had about 5,000 sales.
They recommend updating the devices as soon as possible. Updates have been released for the Realtek “Luna” SDK in version 1.3.2a. In addition, they recommend making backup copies to reduce security risks as far as possible.
In short, this shows once again the importance of running the latest versions on any device we use. In this case, the vulnerabilities affect devices that use some Realtek Wi-Fi chipsets. It is essential to apply all available patches to correct any flaws that appear.