
Vulnerability in Realtek eCos SDK poses threat to networking devices

SecurityWeek reports that CVE-2022-27255, a high-severity vulnerability in the Realtek eCos SDK, could allow remote attackers to achieve arbitrary code execution on networking devices that use the SDK, or cause them to crash. The Taiwanese semiconductor company announced in March that a patch for the eCos SDK vulnerability was available. Faraday Security researchers discovered the vulnerability, and researcher Octavio Gianatiempo presented their findings at the DEF CON conference in Las Vegas. He said that the vulnerability can be exploited without user interaction, directly over the internet, against affected routers running default settings. "The vulnerable code is part of the networking stack if the device is connected to the internet, an attacker only needs to send a packet to take control of the device," Gianatiempo said. D-Link, Nexxt, Tenda and Intelbras were among the nearly 20 vendors that the researchers identified as using the vulnerable SDK in their products. The researchers also discovered over 60,000 vulnerable routers that have exposed administration panels. "The admin panel is not enabled by default, so the total number of exposed devices should be greater," said Gianatiempo. "Remote identification of affected routers would require triggering the vulnerability, which is outside our research scope."
