【安全通报】Realtek SDK 多个未授权严重漏洞(CVE-2021-35394&CVE-2021-35395)
近日,IOT INSPECTOR 公开了 Realtek SDK 多个高危漏洞,并公布了其漏洞细节。未经身份验证的攻击者可以远程利用这些漏洞 完全破坏目标设备并以最高级别的权限执行任意代码。由于大多数嵌入式设备使用了 Realtek SDK,至少有 65 家供应商会受到严重漏洞的影响。
漏洞描述
Realtek SDK是瑞昱(Realtek)公司的一套SDK开发包。
CVE-2021-35394
由于对从客户端收到的命令的合法性检测不足,‘UDPServer’ MP 工具受到多个缓冲区溢出漏洞和任意命令注入漏洞的影响。
该漏洞CVSS3评分:9.8,危害等级:严重
CVE-2021-35395
由于某些超长参数的不安全副本以表单方式提交,HTTP Web 服务器‘boa’(go-ahead 已过时)容易受到多缓冲区溢出的影响。
该漏洞CVSS3评分:9.8,危害等级:严重
CVE-2021-35392/CVE-2021-35393
由于 UPnP SUBSCRIBE/UNSUBSCRIBE 回调标头的不安全解析 和 从收到的 M-SEARCH 消息 ST 标头中不安全地制作 SSDP NOTIFY 消息,实现 UPnP 和 SSDP 协议的“WiFi 简单配置”服务器 (wscd) 容易受到堆栈缓冲区溢出 (CVE-2021-35393) 和堆缓冲区溢出影响( CVE-2021-35392)。
该漏洞CVSS3评分:8.1,危害等级:高危
CVE 编号
CVE-2021-35392
CVE-2021-35393
CVE-2021-35394
CVE-2021-35395
影响范围
rtl819x-SDK-v3.2.x 系列
rtl819x-SDK-v3.4.x 系列
rtl819x-SDK-v3.4T 系列
rtl819x-SDK-v3.4T-CT 系列
rtl819x-eCos-v1.5.x 系列
已知受影响的厂商名单如下:
厂商 | 受影响的设备 |
---|---|
A-Link Europe Ltd | A-Link WNAP WNAP(b) |
ARRIS Group, Inc | VAP4402_CALA |
Airlive Corp. | WN-250R WN-350R |
Abocom System Inc. | Wireless Router ? |
AIgital | Wifi Range Extenders |
Amped Wireless | AP20000G |
Askey | AP5100W |
ASUSTek Computer Inc. | RT-Nxx models, WL330-NUL Wireless WPS Router RT-N10E Wireless WPS Router RT-N10LX Wireless WPS Router RT-N12E Wireless WPS Router RT-N12LX |
BEST ONE TECHNOLOGY CO., LTD. | AP-BNC-800 |
Beeline | Smart Box v1 |
Belkin | F9K1015 AC1200DB Wireless Router F9K1113 v4 AC1200FE Wireless Router F9K1123 AC750 Wireless Router F9K1116 N300WRX N600DB |
Buffalo Inc. | WEX-1166DHP2 WEX-1166DHPS WEX-300HPS WEX-733DHPS WMR-433 WSR-1166DHP3 WSR-1166DHP4 WSR-1166DHPL WSR-1166DHPL2 |
Calix Inc. | 804Mesh |
China Mobile Communication Corp. | AN1202L |
Compal Broadband Networks, INC. | CH66xx cable modems line. |
D-Link | DIR-XXX models ba sed on rlx-linux DAP-XXX models ba sed on rlx-linux DIR-300 DIR-501 DIR-600L DIR-605C DIR-605L DIR-615 DIR-618 DIR-618b DIR-619 DIR-619L DIR-809 DIR-813 DIR-815 DIR-820L DIR-825 DIR-825AC DIR-825ACG1 DIR-842 DAP-1155 DAP-1155 A1 DAP-1360 C1 DAP-1360 B1 DSL-2640U DSL-2750U DSL_2640U VoIP Router DVG-2102S VoIP Router DVG-5004S VoIP Router DVG-N5402GF VoIP Router DVG-N5402SP VoIP Router DVG-N5412SP Wireless VoIP Device DVG-N5402SP |
DASAN Networks | H150N |
Davolink Inc. | DVW2700 1 DVW2700L 1 |
Edge-core | VoIP Router ECG4510-05E-R01 |
Edimax | RE-7438 BR6478N Wireless Router BR-6428nS N150 Wireless Router BR6228GNS N300 Wireless Router BR6428NS BR-6228nS/nC |
Edison | unknown |
EnGenius Technologies, Inc. | 11N Wireless Router Wireless AP Router |
ELECOM Co.,LTD. | WRC-1467GHBK WRC-1900GHBK WRC-300FEBK-A WRC-733FEBK-A |
Esson Technology Inc. | Wifi Module ESM8196 – https://fccid.io/RKOESM8196 (therefore any device using this wifi module) |
EZ-NET Ubiquitous Corp. | NEXT-7004N |
FIDA | PRN3005L D5 |
Hama | unknown |
Hawking Technologies, Inc. | HAWNR3 |
MT-Link | MT-WR600N |
Huawei | HG532e, HGxxx models |
I-O DATA DEVICE, INC. | WN-AC1167R WN-G300GR |
iCotera | i6800 |
IGD | 1T1R |
LG International | Axler Router LGI-R104N Axler Router LGI-R104T Axler Router LGI-X501 Axler Router LGI-X502 Axler Router LGI-X503 Axler Router LGI-X601 Axler Router LGI-X602 Axler Router RT-DSE |
LINK-NET TECHNOLOGY CO., LTD. | LW-N664R2 LW-U31 LW-U700 |
Logitec | BR6428GNS LAN-W300N3L |
MMC Technology | MM01-005H MM02-005H |
MT-Link | MT-WR730N MT-WR760N MT-WR761N MT-WR761N+ MT-WR860N |
NetComm Wireless | NF15ACV |
Netis | WF2411 WF2411I WF2411R WF2419 WF2419I WF2419R WF2681 |
Netgear | N300R |
Nexxt Solutions | AEIEL304A1 AEIEL304U2 ARNEL304U1 |
Observa Telecom | RTA01 |
Occtel | VoIP Router ODC201AC VoIP Router OGC200W VoIP Router ONC200W VoIP Router SP300-DS VoIP Router SP5220SO VoIP Router SP5220SP |
Omega Technology | Wireless N Router O31 OWLR151U Wireless N Router O70 OWLR307U |
PATECH | Axler RT-TSE Axler Router R104 Axler Router R3 Axler Router X503 Axler Router X603 LotteMart Router 104L LotteMart Router 502L LotteMart Router 503L Router P104S Router P501 |
PLANEX COMMUNICATIONS INC. Planex Communications Corp. | MZK-MF300N MZK-MR150 MZK-W300NH3 MZK-W300NR MZK-WNHR |
PLANET Technology | VIP-281SW |
Realtek | RTL8196C EV-2009-02-06 RTL8xxx EV-2009-02-06 RTL8xxx EV-2010-09-20 RTL8186 EV-2006-07-27 RTL8671 EV-2006-07-27 RTL8671 EV-2010-09-20 RTL8xxx EV-2006-07-27 RTL8xxx EV-2009-02-06 RTL8xxx EV-2010-09-20 |
Revogi Systems | |
Sitecom Europe BV | Sitecom Wireless Gigabit Router WLR-4001 Sitecom Wireless Router 150N X1 150N Sitecom Wireless Router 300N X2 300N Sitecom Wireless Router 300N X3 300N |
Skystation | CWR-GN150S |
Sercomm Corp. | Telmex Infinitum |
Shaghal Ltd. | ERACN300 |
Shenzhen Yichen (JCG) Technology Development Co., Ltd. | JYR-N490 |
Skyworth Digital Technology. | Mesh Router |
Smartlink | unknown |
TCL Communication | unknown |
Technicolor | TD5137 |
Telewell | TW-EAV510 |
Tenda | AC6, AC10, W6, W9, i21 |
Totolink | A300R |
TRENDnet, Inc. TRENDnet Technology, Corp. | TEW-651BR TEW-637AP TEW-638APB TEW-831DR |
UPVEL | UR-315BN |
ZTE | MF253V, MF910 |
Zyxel | P-330W X150N NBG-2105 NBG-416N AP Router NBG-418N AP Router WAP6804 |
修复建议
官方已发布安全补丁:
CVE-2021-35392/CVE-2021-35393/CVE-2021-35394
20210622_sdk_3.2.3_wsc_binary_and_mp_daemon_patch.tar.gz
20210622_sdk_3.4.11E_wsc_binary_and_mp_daemon_patch.tar.gz
20210705_sdk-v3.4t_pre5_wsc_binary_and_mp_daemon_patch.tar.gz
20210622_sdk-v3.4t_pre7_wsc-upnp-mp.tgz
20210701_ecosV1.5.3_patch_for_fixing_vulnerabiits.tar.gz
CVE-2021-35395
20210608_release_v3.2.3_patch_for_fix_buffer_overflow_of_boa.tar.gz
20210608_release_v3.4.11_patch_for_fix_buffer_overflow_of_boa.tar.gz
20210608_release_v3.4T-CT_patch_for_fix_buffer_overflow_of_boa.tar.gz
20210701_ecosV1.5.3_patch_for_fixing_vulnerabiits.tar.gz
参考
[1] https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
[2] https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
[3] https://mp.weixin.qq.com/s/Un6tVAMZgO3sP0cEQN0Hhg
白帽汇从事信息安全,专注于安全大数据、企业威胁情报。
公司产品:FOFA-网络空间安全搜索引擎、FOEYE-网络空间检索系统、NOSEC-安全讯息平台。
为您提供:网络空间测绘、企业资产收集、企业威胁情报、应急响应服务。
最新评论