back to article Remote code execution flaws lurk in countless routers, IoT gear, cameras using Realtek Wi-Fi module SDKs

Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors. The flaws allow a remote, unauthenticated attacker to deny service, crash devices, and inject arbitrary commands, the advisory states [PDF …

  1. redpawn Silver badge

    Quality is job none

    Will they even try to notify users of obsolete kit? No updates must mean no problems. Right? Well, for Realtek it does.

    1. Annihilator Silver badge

      Re: Quality is job none

      Problem in this case is that no-one buys a Realtek product. They buy a Netgear router with a Realtek wireless module. So there's not much more Realtek can do in this instance.

      I couldn't have told you what chipset my router uses until I googled it 5 minutes ago. It's Qualcomm. From memory, it's usually going to be 1 of 4 - Realtek, Qualcomm, Broadcom or Intel.

  2. Lorribot Silver badge

    Iot the way forward...

    ...to hell.

    I woudl imagine that most of the devices affected have no real update mechanism, certainly no automated method and will rely on people to log in to them and apply an update through some archaic scripts or maybe they will have a button in the GUI that will allow something to happen sometime if the untrained user can find the right file on the right website.

    My guess is arond 10% of affected devices will be updated.

    Rule 1. Design to be manged, not to finish the project as quickly as possible.

    Rule 2. Make it do simple your grandmother could do it.

    1. doublelayer Silver badge

      Re: Iot the way forward...

      "My guess is arond 10% of affected devices will be updated."

      I admire your optimism. My guess would probably be at least two orders of magnitude lower because it sounds like most devices using this chip are consumer-level. Many people don't recognize networking equipment as needing the same level of attention to detail as their computers. Manufacturers in turn seem to think that it should have maybe two years of support life, if I'm optimistic, despite the fact that lots of decade-old networking kit works just as well if security isn't factored in.

    2. John Brown (no body) Silver badge

      Re: Iot the way forward...

      Rule 1. No, that costs money.

      Rule 2. No, that costs money.

      Here's a few rules that you'll find most manufacturers adhere to.

  3. HildyJ Silver badge
    Facepalm

    Prediction

    "Manufacturers using vulnerable Wi-Fi modules are strongly encouraged to check their devices and provide security patches to their users."

    Most manufacturers of this tat will never tell the users anything because their concern for users ends once the purchase is made.

    1. Doctor Syntax Silver badge

      Re: Prediction

      And that's the purchase by the distributor.

    2. Annihilator Silver badge

      Re: Prediction

      And manufacturers of this tat won't know their userbase unless they've registered it with them. Did you register your last wireless router with the manufacturer like they often suggest in the manual?

  4. sitta_europea Silver badge

    Any chance of a list of the affected product?

    1. diodesign (Written by Reg staff) Silver badge

      Affected products

      It's at the end of the linked-to advisory.

      C.

      1. General Purpose Bronze badge

        Re: Affected products

        The advisory also mentions a "toy" tank, fitted with a camera and who knows what munitions, now roaming around people's homes under extremely remote control ... what do you mean, a maniacal laugh?

  5. Mike 137 Silver badge

    Yet again

    Basic coding errors, as usual.

    The buffer overflow has been on the radar for around half century, and command injection ever since the web went public, so why do they still keep cropping up? Does anyone test their code for anything except minimal functionality?

    Answers on a postcard please ;-(

    1. ThatOne Silver badge
      Devil

      Re: Yet again

      > Does anyone test their code

      Short answer: No.

      Long answer, why spend more money for exactly the same profit?

      1. John Brown (no body) Silver badge
        Thumb Up

        Re: Yet again

        "Short answer: No."

        Which will fit on a stamp, thus saving the cost of the postcard :-)

  6. Lil Endian

    Faulty ISP Configurations

    "...faulty ISP configurations..."

    Faulty by design (routers), eg. TR-069 port 7547 open, UPnP on by default etc etc

    1. Anonymous Coward
      Anonymous Coward

      Re: Faulty ISP Configurations

      CenturyLink uses port 4567 for TR-069 and leaves it world-addressable. There's a REASON that I use my own standalone router, despite the CenturyLink one having all the capabilities I need...

  7. Warm Braw Silver badge

    Bad Homburg

    Fortunately the last place you'd expect to find evil black hats.

  8. Terry2000

    Another day for Realtek

    Many years ago when doing custom ROMs for Android phones Realtek made itself known to my conscious mind. Not in a good way.

    Closed source, buggy, unmaintained drivers for the cheapest GARBAGE hardware in the industry describes my experience. OH! Did I mention that they will disavow they ever heard of a chip not 5 years later; not 1 year later; but while the last batch is still on the loading dock as each little dip package waits breathlessly to RUIN the day of some unsuspecting customer somewhere.

    There is literally NOTHING this shite organization could do that would surprise me. The only reason they are not involved in CCP spying is because they are too incompetent to put the right code on the right chips.

  9. Muskiier

    Realtek OMG PTSD

    LOL. True. Realtek .OMG. Truly low end. However, the price point was always amazing! We used to use their Ethernet boards (ISA, BTW). and they were CAD$12 vs the next closest at $30 and worked pretty well. But, if we were building X white boxes, we'd always order 20% more because, guaranteed, we'd have that many DOA. It was our first lesson in you get what you pay for. Driver updates, if you could navigate the website to find them, were kinda sparse.

  10. Will Godfrey Silver badge
    Facepalm

    Well Gosh

    We never had a clue this was the case did we?

  11. Anonymous Coward
    Anonymous Coward

    Ahhh realtek

    Ahhh realtek, the cheapest of the cheap crap.

  12. FlamingDeath Silver badge

    If ever I was to create some RCE vulnerability I’d definitely want the discoverers to name the vulnerability “simple something”

    Thats quite a badge to achieve

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021