Router Software has Bug Issue

Friday, May 1, 2015 @ 06:05 PM gHale

A vulnerability present in version 1.3 of RealTek SDK (software development kit) can end up exploited by an attacker to execute arbitrary code on the device.

The kit sees use in broadband routers from D-Link and Trendnet, said researchers at HP’s Zero Day Initiative.

Misconfigured DNS Servers Vulnerable
Brute Force Attacks: Trawling for Passwords
Botnet Morph ‘Every Few Hours’
Global Effort: Botnet Taken Down

Although only the products of the two manufacturers were vulnerable, the list could end up larger as RealTek SDK sees use in the firmware production of wireless and gateway controllers.

The glitch first ended up reported on August 13 to HP’s Zero Day Initiative by security researcher Ricky Lawshae, who found D-Link and Trendnet products suffered from the issue. The vendor received repeated notices of the problem, but at the moment a patch is not available.

The flaw resides in the “MiniIGD” component part of the SOAP (simple object access protocol) service, which handles the communication between web services.

“The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges,” an advisory from ZDI said.

Mitigating the risk can occur by limiting interaction with the service only trusted clients. This can occur by implementing firewall rules or by creating whitelists with the machines that end up allowed communication.

Security researcher Stefan Viehböck said MiniIGD appears to be a fork from an old version of MiniUPnP. Some researchers suggest turning off the Universal Plug and Play (UPnP) service, used for discovering clients in a local network. On some devices, UPnP can also end up accessed from the Internet, thus enabling a remote attack.

Even if RealTek comes up with a patch for the problem, it would not end up implemented on all affected devices since many of them no longer receive support from their manufacturers.

Leave a Reply

You must be logged in to post a comment.