A vulnerability has been found in the RTL819D chipset drivers that would allow an attacker to gain a command shell running as system on the device without any authentication. The attacker can then run any code of their choosing on your device.
If you use any of these devices, please check whether updated drivers dated July 2021 or later are available. If there are no updates dated July ’21 or later, set a reminder to check again in a few weeks or a month.
Realtek chipsets are commonly used for sound and Wi-Fi by many vendors such as ARRIS, ASUSTek, Belkin, Buffalo, D-Link, EnGenius, Huawei, LG, Logitec, NetGear, TRENDnet, and many more. Many of these devices are Wi-Fi routers or cameras used at home and in small businesses.
A list is pasted below, but it is only a partial list.
NOTE: If your device is over 10 years old, it definitely will not get a patch. If it is over 5 years old, it probably will not get a patch.
***All the details of this attack have been released, and internet scanners are already scanning, cataloging, and tagging IPs of vulnerable systems. It will be only days before this is weaponized for exploitation.
If you want to get into the weeds on this one:
The technical details of the attack, including code reviews (this article goes really into the weeds): https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
The advisory from Realtek for some of the CVEs: https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
Individual vendors may have their own CVE IDs.
So the easiest thing to do is to go look for updates if you have any devices on this list, or know of a device using a Realtek RTL819D chipset.
Daniel Weatherly, CISSP
Director of Security Services
Mainstream Technologies Inc.