Hsinchu, Taiwan – Sep 1, 2022 – At DEF CON 30 (2022), one of the world's largest and best-known hacker conventions, four security researchers (Octavio Gianatiempo, Octavio Galland, Emilio Couto and Javier Aguinaga) presented a vulnerability in the Realtek eCos SDK. They are researchers at the Argentine cybersecurity company Faraday Security and also computer science students at the University of Buenos Aires.
Realtek Semiconductor Corp is known for its wide range of network chips, which sit at the core of many network appliances: PCIe Ethernet cards, Wi-Fi routers, network switches, SIP phones and so on. Following standard coordinated-disclosure practice, the four researchers notified Realtek first and presented at DEF CON only after Realtek had fixed the issue and distributed a patch. Realtek's advisory credits the four researchers and identifies the flaw as CVE-2022-27255: the SIP ALG module of the rtl819x-eCos-v0.x and rtl819x-eCos-v1.x SDK series is vulnerable to unauthenticated remote code execution (RCE).
eCos is a real-time operating system designed for embedded systems. Although Linux is the mainstream choice, eCos remains in use because it can be configured as an application-specific operating system with a minimal footprint, which is why Realtek built an eCos SDK for some of its chips.
With CVE-2022-27255 now public, any network device built on the rtl819x-eCos-v0.x or rtl819x-eCos-v1.x SDK is at critical risk. It is unclear how many networking devices use RTL819x chips, but the RTL819xD variant of the SoC alone has shipped in products from more than 60 vendors, including ASUSTek, Belkin, Buffalo, D-Link, Edimax, TRENDnet and Zyxel.
CVE-2022-27255
CVE ID | CVE Description | CVSS v3 Score | Severity Level | Affected Software |
---|---|---|---|---|
CVE-2022-27255 | In Realtek AP-Router eCos SDK, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data. | 9.8 | Critical | rtl819x-eCos-v0.x and rtl819x-eCos-v1.x series |
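To make the bug class in the table concrete, here is a constructed C sketch, added for this article and not Realtek's SDK code, of a SIP ALG rewriting the SDP connection line before forwarding an INVITE: one version copies the line into a fixed stack buffer unchecked, the other rejects oversized lines before any copy. The 64-byte buffer size, the function names and the sample SDP bodies are assumptions made for illustration.

```c
/*
 * Constructed illustration of the bug class behind CVE-2022-27255: a SIP ALG
 * that copies an SDP line into a fixed-size stack buffer before rewriting it.
 * This is an added example, not Realtek's SDK code; the buffer size, function
 * names and sample SDP bodies are assumptions made for illustration.
 */
#include <stdio.h>
#include <string.h>

#define ALG_LINE_BUF 64   /* assumed size of the ALG's scratch buffer */

/* Locate the SDP connection line ("c=IN IP4 <addr>") and return its length
 * without the trailing CRLF, or NULL if the body has none. */
static const char *find_c_line(const char *sdp, size_t *len)
{
    const char *c = strstr(sdp, "c=IN IP4 ");
    if (c == NULL)
        return NULL;
    *len = strcspn(c, "\r\n");
    return c;
}

/* Emit the connection line an ALG substitutes into a forwarded INVITE so the
 * far end sends RTP to the NAT device's external address. */
static int emit_c_line(const char *ext_ip, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "c=IN IP4 %s", ext_ip);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* VULNERABLE pattern: the line is copied into a 64-byte stack array with no
 * length check, so a "c=" line of 64 bytes or more runs past the array and
 * overwrites what follows it on the stack, including the saved return address.
 * Never call this with attacker-controlled SDP. */
int rewrite_c_line_vulnerable(const char *sdp, const char *ext_ip,
                              char *out, size_t outsz)
{
    char line[ALG_LINE_BUF];
    size_t len;
    const char *c = find_c_line(sdp, &len);
    if (c == NULL)
        return -1;
    memcpy(line, c, len);            /* overflow when len >= ALG_LINE_BUF */
    line[len] = '\0';
    /* the original address would be tokenized out of line[] here */
    (void)line;
    return emit_c_line(ext_ip, out, outsz);
}

/* HARDENED: bound the copy on the scratch buffer and reject, rather than
 * truncate, a line that does not fit; a dropped INVITE is the safe failure. */
int rewrite_c_line_safe(const char *sdp, const char *ext_ip,
                        char *out, size_t outsz)
{
    char line[ALG_LINE_BUF];
    size_t len;
    const char *c = find_c_line(sdp, &len);
    if (c == NULL)
        return -1;
    if (len >= sizeof line)          /* keep room for the terminator */
        return -2;
    memcpy(line, c, len);
    line[len] = '\0';
    (void)line;
    return emit_c_line(ext_ip, out, outsz);
}

/* Constructed benign SDP body (not captured traffic). */
const char *BENIGN_SDP =
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n";

/* Build an SDP body whose "c=" line is padded with `pad` bytes, far past
 * ALG_LINE_BUF. Returns the body length, or 0 if buf is too small. */
size_t build_overlong_sdp(char *buf, size_t bufsz, size_t pad)
{
    const char *head = "v=0\r\nc=IN IP4 ";
    const char *tail = "\r\nm=audio 49170 RTP/AVP 0\r\n";
    size_t need = strlen(head) + pad + strlen(tail) + 1;
    if (need > bufsz)
        return 0;
    memcpy(buf, head, strlen(head));
    memset(buf + strlen(head), 'A', pad);
    memcpy(buf + strlen(head) + pad, tail, strlen(tail) + 1);
    return need - 1;
}

int main(void)
{
    char out[128], sdp[512];
    if (rewrite_c_line_safe(BENIGN_SDP, "203.0.113.7", out, sizeof out) == 0)
        printf("benign   -> %s\n", out);
    build_overlong_sdp(sdp, sizeof sdp, 200);
    printf("overlong -> rc=%d (INVITE dropped before any copy)\n",
           rewrite_c_line_safe(sdp, "203.0.113.7", out, sizeof out));
    /* rewrite_c_line_vulnerable(sdp, ...) would smash the stack at this point. */
    return 0;
}
```

The only difference between the two functions is the length check before `memcpy`; that is the whole patch for this bug class. Note that the hardened version rejects the packet rather than truncating the line, because a truncated SDP line would still be forwarded as a malformed offer.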
Lionic Actions
Rule ID | Description |
---|---|
8101580 | Realtek eCOS SDK SIP ALG Stack Buffer Overflow attempt |
8101604 | Realtek eCOS SDK SIP ALG Stack Buffer Overflow attempt |
… | … |
Realtek released the patch for CVE-2022-27255 in March 2022, so any RTL819x-based network device whose firmware predates that fix may still be vulnerable. If no fixed firmware is available for an RTL819x-based device, a Pico-UTM placed in front of it can block exploit attempts for CVE-2022-27255 and other widely exploited vulnerabilities as they traverse it.
Lionic has designed anti-intrusion rules against the Realtek eCos SDK SIP ALG vulnerability and many other widely exploited vulnerabilities. Network administrators who are tired of chasing an endless stream of security vulnerabilities can use the Lionic Pico-UTM as a "virtual bug fix". With the Pico-UTM protecting the devices behind it, administrators can wait for a stable firmware release before upgrading.
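To show what a rule of the kind listed above does to a packet before it reaches an unpatched device, here is an added example of a payload check in C that flags a SIP INVITE whose SDP body contains a line longer than a threshold. This is not Lionic's signature logic; the 128-byte limit, the INVITE-only scope and the sample packets are this example's assumptions.

```c
/*
 * Added example of a signature-style SIP/SDP check, the kind an inline IPS
 * can run on UDP/5060 traffic bound for an unpatched RTL819x device. This is
 * not Lionic's rule logic; the line-length threshold, the INVITE-only scope
 * and the sample packets are assumptions made for illustration.
 */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define SDP_LINE_LIMIT 128   /* assumed: no legitimate SDP line needs more */

/* Case-insensitive prefix test; tolerating method-name case costs nothing
 * in a filter and avoids trivial evasion. */
static int starts_with_ci(const char *s, const char *prefix)
{
    for (; *prefix != '\0'; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Verdict for one UDP payload:
 *   1  -> SIP INVITE whose SDP body has a line longer than SDP_LINE_LIMIT
 *   0  -> INVITE with a body whose lines are all within the limit
 *  -1  -> not an INVITE with a body; the rule does not apply
 * On a hit, *bad_len receives the offending line length. */
int sip_sdp_overlong(const char *payload, size_t *bad_len)
{
    if (!starts_with_ci(payload, "INVITE "))
        return -1;
    const char *body = strstr(payload, "\r\n\r\n");   /* end of SIP headers */
    if (body == NULL)
        return -1;
    body += 4;
    while (*body != '\0') {
        size_t len = strcspn(body, "\r\n");          /* line without CRLF */
        if (len > SDP_LINE_LIMIT) {
            if (bad_len != NULL)
                *bad_len = len;
            return 1;
        }
        body += len;
        body += strspn(body, "\r\n");
    }
    return 0;
}

/* Build a constructed INVITE (not captured traffic) whose "m=audio" line is
 * padded with `pad` extra bytes; pad == 0 gives a well-formed request.
 * Returns the payload length, or 0 if buf is too small. */
size_t build_invite(char *buf, size_t bufsz, size_t pad)
{
    const char *head =
        "INVITE sip:bob@example.com SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
        "From: <sip:alice@example.com>\r\n"
        "To: <sip:bob@example.com>\r\n"
        "Content-Type: application/sdp\r\n"
        "\r\n"
        "v=0\r\n"
        "c=IN IP4 192.0.2.10\r\n"
        "m=audio 49170 RTP/AVP 0";
    const char *tail = "\r\n";
    size_t need = strlen(head) + pad + strlen(tail) + 1;
    if (need > bufsz)
        return 0;
    memcpy(buf, head, strlen(head));
    memset(buf + strlen(head), 'A', pad);
    memcpy(buf + strlen(head) + pad, tail, strlen(tail) + 1);
    return need - 1;
}

int main(void)
{
    char pkt[1024];
    size_t bad = 0;
    size_t pads[] = { 0, 300 };
    for (size_t i = 0; i < 2; i++) {
        build_invite(pkt, sizeof pkt, pads[i]);
        int v = sip_sdp_overlong(pkt, &bad);
        printf("pad=%3zu -> verdict %d%s\n", pads[i], v,
               v == 1 ? " (drop: SDP line too long)" : "");
    }
    printf("OPTIONS  -> verdict %d (rule not applicable)\n",
           sip_sdp_overlong("OPTIONS sip:bob@example.com SIP/2.0\r\n\r\n", &bad));
    return 0;
}
```

A length heuristic like this trades a small false-positive risk for coverage of every variant of the crafted SDP, which is why it is a reasonable stopgap in front of a device that cannot yet be patched; a production rule would also match the Content-Type header and apply to any SIP method the ALG rewrites.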
References:
- “Exploit out for critical Realtek flaw affecting many networking devices”, https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/
- “CVE-2022-27255”, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27255
- “Realtek AP-Router SDK Advisory (CVE-2022-27255)”, https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf
About Lionic Corporation
Lionic Corporation is a worldwide provider of innovative Deep Packet Inspection solutions. Lionic's technologies include a complete DPI-based software engine and related management software, offering Security Solutions that address anti-virus, anti-intrusion and anti-webthreat, and Content Management Solutions that address application identification, device identification, application-based QoS, web content filtering and parental control.
Lionic's security and content management solutions, cloud-based scan services and signature subscription service are already widely deployed worldwide. They help service providers, network appliance manufacturers, semiconductor companies and others enable the next generation of business routers, residential gateways, SD-WAN edges and cloud gateways, advanced firewalls, UTMs, Smart NICs and mobile devices. Products powered by Lionic provide better network management and protect the world's networks from an ever-increasing level of security threats.