Thought Leadership

RealTek Device Security Notice

A vulnerability has been found in the RealTek RTL819D chipset drivers that would allow an attacker to gain a command shell running as a system on the device without the need for any authentication. The attacker can then run any code of their choosing on your device.

If you use any of these devices, please check to see if there are updated drivers available dated July 2021 or later. And, set a reminder to check for updated drivers in a few weeks or a month if there are not any updates in July’21 or later.

RealTek is a common chipset used for sound and wifi by many vendors such as ARRIS, ASUSTek, Belkin, Buffalo, D-Link, EnGenius, Huawei, LG, Logitec, NetGear, TRENDnet, and many more. A lot of these are wifi routers or cameras used at home and in small businesses.

A partial list is pasted below, but this is only a partial list.

NOTE: If your device is over 10 years old, it definitely will not get a patch. If it is over 5 years it probably will not get a patch.

***All the details of this attack have been released, and internet scanners are already scanning, cataloging, and tagging IPs of vulnerable systems. It will be only days before this is weaponized for exploitation.

If you want to get into the weeds on this one:

The tech details (really into the weeds in this article) of the attack include code reviews: https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/

The advisory from Realtek for some of the CVE’s: https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf

Individual vendors may have their own CVE IDs.

So the easiest thing to do is go look for updates if you have any devices on this list, or know of a device using a Realtek RTL819D chipset.

Daniel Weatherly, CISSP
Mainstream Technologies Inc.
501-801-6706

List of (known) affected manufacturers (as of 8/15/21)

ManufacturerAffected Models
A-Link Europe LtdA-Link WNAP WNAP(b)
ARRIS Group, IncVAP4402_CALA
Airlive Corp.WN-250R
WN-350R
Abocom System Inc.Wireless Router?
AIgitalWifi Range Extenders
Amped WirelessAP20000G
AskeyAP5100W
ASUSTek Computer Inc.RT-Nxx models, WL330-NUL
Wireless WPS Router RT-N10E
Wireless WPS Router RT-N10LX
Wireless WPS Router RT-N12E
Wireless WPS Router RT-N12LX
BEST ONE TECHNOLOGY CO., LTD.AP-BNC-800
BeelineSmart Box v1
BelkinF9K1015
AC1200DB Wireless Router F9K1113 v4
AC1200FE Wireless Router F9K1123
AC750 Wireless Router F9K1116
N300WRX
N600DB
Buffalo Inc.WEX-1166DHP2
WEX-1166DHPS
WEX-300HPS
WEX-733DHPS
WMR-433
WSR-1166DHP3
WSR-1166DHP4
WSR-1166DHPL
WSR-1166DHPL2
Calix Inc.804Mesh
China Mobile Communication Corp.AN1202L
Compal Broadband Networks, INC.CH66xx cable modems line.
D-LinkDIR-XXX models based on rlx-linux
DAP-XXX models based on rlx-linux
DIR-300
DIR-501
DIR-600L
DIR-605C
DIR-605L
DIR-615
DIR-618
DIR-618b
DIR-619
DIR-619L
DIR-809
DIR-813
DIR-815
DIR-820L
DIR-825
DIR-825AC
DIR-825ACG1
DIR-842
DAP-1155
DAP-1155 A1
DAP-1360 C1
DAP-1360 B1
DSL-2640U
DSL-2750U
DSL_2640U
VoIP Router DVG-2102S
VoIP Router DVG-5004S
VoIP Router DVG-N5402GF
VoIP Router DVG-N5402SP
VoIP Router DVG-N5412SP
Wireless VoIP Device DVG-N5402SP
DASAN NetworksH150N
Davolink Inc.DVW2700 1
DVW2700L 1
Edge-coreVoIP Router ECG4510-05E-R01
EdimaxRE-7438
BR6478N
Wireless Router BR-6428nS
N150 Wireless Router BR6228GNS
N300 Wireless Router BR6428NS
BR-6228nS/nC
Edisonunknown
EnGenius Technologies, Inc.11N Wireless Router
Wireless AP Router
ELECOM Co., LTD.WRC-1467GHBK
WRC-1900GHBK
WRC-300FEBK-A
WRC-733FEBK-A
Esson Technology Inc.Wifi Module ESM8196 – https://fccid.io/RKOESM8196 (therefore any device using this wifi module)
EZ-NET Ubiquitous Corp.NEXT-7004N
FIDAPRN3005L D5
Hamaunknown
Hawking Technologies, Inc.HAWNR3
MT-LinkMT-WR600N
HuaweiHG532e, HGxxx models
I-O DATA DEVICE, INC.WN-AC1167R
WN-G300GR
iCoterai6800
IGD1T1R
LG InternationalAxler Router LGI-R104N
Axler Router LGI-R104T
Axler Router LGI-X501
Axler Router LGI-X502
Axler Router LGI-X503
Axler Router LGI-X601
Axler Router LGI-X602
Axler Router RT-DSE
LINK-NET TECHNOLOGY CO., LTD.LW-N664R2
LW-U31
LW-U700
LogitecBR6428GNS
LAN-W300N3L
MMC TechnologyMM01-005H
MM02-005H
MT-LinkMT-WR730N
MT-WR760N
MT-WR761N
MT-WR761N+
MT-WR860N
NetComm WirelessNF15ACV
NetisWF2411
WF2411I
WF2411R
WF2419
WF2419I
WF2419R
WF2681
NetgearN300R
Nexxt SolutionsAEIEL304A1
AEIEL304U2
ARNEL304U1
Observa TelecomRTA01
OcctelVoIP Router ODC201AC
VoIP Router OGC200W
VoIP Router ONC200W
VoIP Router SP300-DS
VoIP Router SP5220SO
VoIP Router SP5220SP
Omega TechnologyWireless N Router O31 OWLR151U
Wireless N Router O70 OWLR307U
PATECHAxler RT-TSE
Axler Router R104
Axler Router R3
Axler Router X503
Axler Router X603
LotteMart Router 104L
LotteMart Router 502L
LotteMart Router 503L
Router P104S
Router P501
PLANEX COMMUNICATIONS INC.
Planex Communications Corp.
MZK-MF300N
MZK-MR150
MZK-W300NH3
MZK-W300NR
MZK-WNHR
PLANET TechnologyVIP-281SW
RealtekRTL8196C EV-2009-02-06
RTL8xxx EV-2009-02-06
RTL8xxx EV-2010-09-20
RTL8186 EV-2006-07-27
RTL8671 EV-2006-07-27
RTL8671 EV-2010-09-20
RTL8xxx EV-2006-07-27
RTL8xxx EV-2009-02-06
RTL8xxx EV-2010-09-20
Revogi Systems
Sitecom Europe BVSitecom Wireless Gigabit Router WLR-4001
Sitecom Wireless Router 150N X1 150N
Sitecom Wireless Router 300N X2 300N
Sitecom Wireless Router 300N X3 300N
SkystationCWR-GN150S
Sercomm Corp.Telmex Infinitum
Shaghal Ltd.ERACN300
Shenzhen Yichen (JCG) Technology Development Co., Ltd.JYR-N490
Skyworth Digital Technology.Mesh Router
Smartlinkunknown
TCL Communicationunknown
TechnicolorTD5137
TelewellTW-EAV510
TendaAC6, AC10, W6, W9, i21
TotolinkA300R
TRENDnet, Inc.
TRENDnet Technology, Corp.
TEW-651BR
TEW-637AP
TEW-638APB
TEW-831DR
UPVELUR-315BN
ZTEMF253V, MF910
ZyxelP-330W
X150N
NBG-2105
NBG-416N AP Router
NBG-418N AP Router
WAP6804
  • Industry

  • Category

  • Regulation

  • Solution

Little Rock, AR | Conway, AR | Bentonville, AR

325 West Capitol Ave., Suite 200
Little Rock, AR 72201

Central Arkansas 501.801.6700

Northwest Arkansas 479.439.5700

Toll Free 1.800.550.2052

Mainstream Technologies, Inc., Information Technology Services, Little Rock, AR
© Copyright 2021. Mainstream Technologies, Inc. All Rights Reserved. Privacy Policy | Sitemap