Critical Vulnerability (CVE-2022-27255) in Realtek AP-Router SDK

Proof-of-concept exploit released for a Critical vulnerability in the Realtek AP-Router SDK

Threat ID:: CC-4151
Threat Severity:: Information only
Published:: 18 August 2022 3:00 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Proof-of-concept exploit released for a Critical vulnerability in the Realtek AP-Router SDK

Affected platforms

The following platforms are known to be affected:

Versions: rtl819x-eCos-v0.x Series, rtl819x-eCos-v1.x Series

Realtek AP-Router SDK

Threat details

Introduction

A Proof-of-concept exploit has been released for a critical vulnerability in the Realtek AP-Router software developer kit (SDK). CVE-2022-27255 is a buffer overflow in the Session Initiation Protocol (SIP) and Application Layer Gateway (ALG), affecting networking devices built with the Realtek SDK rtl819x-eCos-v0.x Series and rtl819x-eCos-v1.x Series system-on-chip. CVE-2022-27255 was patched by Realtek in March 2022, however product vendors utilising the above system-on-chip will need to release separate updates for affected devices.

A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system.

CVE-2022-27255 under active exploitation

According to high-confidence intelligence from Recorded Future, this vulnerability is now under active exploitation by criminal groups in order to achieve denial of service and remote code execution.

Remediation advice

Organisations are advised to begin assessing their exposure to this vulnerability now by ensuring asset registers are up to date, particularly for low volume networking devices such as small to medium business routers and internet of things devices.

Specifically, organisations should:

Conduct discovery activities and document any potentially affected devices within their asset registers.
Inform information asset owners where vulnerable devices are identified.
Ensure local processes are in place for identifying and issuing emergency firmware updates for affected devices.
Update affected devices when patches are available from vendors.

Definitive source of threat updates

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf

CVE Vulnerabilities

Status Published

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.

Last edited: 23 August 2022 4:23 pm