【安全通报】Realtek SDK 多个未授权严重漏洞(CVE-2021-35394&CVE-2021-35395)

fmbd  1218天前

product20210818.png

近日,IOT INSPECTOR 公开了 Realtek SDK 多个高危漏洞,并公布了其漏洞细节。未经身份验证的攻击者可以远程利用这些漏洞 完全破坏目标设备并以最高级别的权限执行任意代码。由于大多数嵌入式设备使用了 Realtek SDK,至少有 65 家供应商会受到严重漏洞的影响。

漏洞描述

Realtek SDK是瑞昱(Realtek)公司的一套SDK开发包

CVE-2021-35394

由于对从客户端收到的命令的合法性检测不足,‘UDPServer’ MP 工具受到多个缓冲区溢出漏洞和任意命令注入漏洞的影响。
该漏洞CVSS3评分:9.8,危害等级:严重

CVE-2021-35395

由于某些超长参数的不安全副本以表单方式提交,HTTP Web 服务器‘boa’(go-ahead 已过时)容易受到多缓冲区溢出的影响。
该漏洞CVSS3评分:9.8,危害等级:严重

CVE-2021-35392/CVE-2021-35393

由于 UPnP SUBSCRIBE/UNSUBSCRIBE 回调标头的不安全解析 和 从收到的 M-SEARCH 消息 ST 标头中不安全地制作 SSDP NOTIFY 消息,实现 UPnP 和 SSDP 协议的“WiFi 简单配置”服务器 (wscd) 容易受到堆栈缓冲区溢出 (CVE-2021-35393) 和堆缓冲区溢出影响( CVE-2021-35392)。
该漏洞CVSS3评分:8.1,危害等级:高危

CVE 编号

CVE-2021-35392
CVE-2021-35393

CVE-2021-35394
CVE-2021-35395

影响范围

rtl819x-SDK-v3.2.x 系列
rtl819x-SDK-v3.4.x 系列
rtl819x-SDK-v3.4T 系列
rtl819x-SDK-v3.4T-CT 系列
rtl819x-eCos-v1.5.x 系列

已知受影响的厂商名单如下:

厂商
受影响的设备
A-Link Europe LtdA-Link WNAP WNAP(b)
ARRIS Group, IncVAP4402_CALA
Airlive Corp.WN-250R
WN-350R
Abocom System Inc.Wireless Router ?
AIgitalWifi Range Extenders
Amped WirelessAP20000G
AskeyAP5100W
ASUSTek Computer Inc.RT-Nxx models, WL330-NUL
Wireless WPS Router RT-N10E
Wireless WPS Router RT-N10LX
Wireless WPS Router RT-N12E
Wireless WPS Router RT-N12LX
BEST ONE TECHNOLOGY CO., LTD.AP-BNC-800
BeelineSmart Box v1
BelkinF9K1015
AC1200DB Wireless Router F9K1113 v4 
AC1200FE Wireless Router F9K1123 
AC750 Wireless Router F9K1116
N300WRX
N600DB
Buffalo Inc.WEX-1166DHP2
WEX-1166DHPS
WEX-300HPS
WEX-733DHPS
WMR-433
WSR-1166DHP3
WSR-1166DHP4
WSR-1166DHPL
WSR-1166DHPL2
Calix Inc.804Mesh
China Mobile Communication Corp.AN1202L
Compal Broadband Networks, INC.CH66xx cable modems line.
D-LinkDIR-XXX models ba sed on rlx-linux
DAP-XXX models ba sed on rlx-linux
DIR-300
DIR-501
DIR-600L
DIR-605C
DIR-605L
DIR-615
DIR-618
DIR-618b
DIR-619
DIR-619L
DIR-809
DIR-813
DIR-815
DIR-820L
DIR-825
DIR-825AC
DIR-825ACG1
DIR-842
DAP-1155
DAP-1155 A1
DAP-1360 C1
DAP-1360 B1
DSL-2640U
DSL-2750U
DSL_2640U
VoIP Router DVG-2102S
VoIP Router DVG-5004S
VoIP Router DVG-N5402GF
VoIP Router DVG-N5402SP
VoIP Router DVG-N5412SP
Wireless VoIP Device DVG-N5402SP
DASAN NetworksH150N
Davolink Inc.DVW2700 1
DVW2700L 1
Edge-coreVoIP Router ECG4510-05E-R01
EdimaxRE-7438
BR6478N
Wireless Router BR-6428nS N150
Wireless Router BR6228GNS N300
Wireless Router BR6428NS BR-6228nS/nC
Edisonunknown
EnGenius Technologies, Inc.11N Wireless Router
Wireless AP Router
ELECOM Co.,LTD.WRC-1467GHBK
WRC-1900GHBK
WRC-300FEBK-A
WRC-733FEBK-A
Esson Technology Inc.Wifi Module ESM8196 – https://fccid.io/RKOESM8196 (therefore any device using this wifi module)
EZ-NET Ubiquitous Corp.NEXT-7004N
FIDAPRN3005L D5
Hamaunknown
Hawking Technologies, Inc.HAWNR3
MT-LinkMT-WR600N
HuaweiHG532e, HGxxx models
I-O DATA DEVICE, INC.WN-AC1167R
WN-G300GR
iCoterai6800
IGD1T1R
LG InternationalAxler Router LGI-R104N
Axler Router LGI-R104T
Axler Router LGI-X501
Axler Router LGI-X502
Axler Router LGI-X503
Axler Router LGI-X601
Axler Router LGI-X602
Axler Router RT-DSE
LINK-NET TECHNOLOGY CO., LTD.LW-N664R2
LW-U31
LW-U700
LogitecBR6428GNS
LAN-W300N3L
MMC TechnologyMM01-005H
MM02-005H
MT-LinkMT-WR730N
MT-WR760N
MT-WR761N
MT-WR761N+
MT-WR860N
NetComm WirelessNF15ACV
NetisWF2411
WF2411I
WF2411R
WF2419
WF2419I
WF2419R
WF2681
NetgearN300R
Nexxt SolutionsAEIEL304A1
AEIEL304U2
ARNEL304U1
Observa TelecomRTA01
OcctelVoIP Router ODC201AC
VoIP Router OGC200W
VoIP Router ONC200W
VoIP Router SP300-DS
VoIP Router SP5220SO
VoIP Router SP5220SP
Omega TechnologyWireless N Router O31 OWLR151U
Wireless N Router O70 OWLR307U
PATECHAxler RT-TSE
Axler Router R104
Axler Router R3
Axler Router X503
Axler Router X603
LotteMart Router 104L
LotteMart Router 502L
LotteMart Router 503L
Router P104S
Router P501
PLANEX COMMUNICATIONS INC. Planex Communications Corp.MZK-MF300N
MZK-MR150
MZK-W300NH3
MZK-W300NR
MZK-WNHR
PLANET TechnologyVIP-281SW
RealtekRTL8196C EV-2009-02-06
RTL8xxx EV-2009-02-06
RTL8xxx EV-2010-09-20
RTL8186 EV-2006-07-27
RTL8671 EV-2006-07-27
RTL8671 EV-2010-09-20
RTL8xxx EV-2006-07-27
RTL8xxx EV-2009-02-06
RTL8xxx EV-2010-09-20
Revogi Systems
Sitecom Europe BVSitecom Wireless Gigabit Router WLR-4001
Sitecom Wireless Router 150N X1 150N
Sitecom Wireless Router 300N X2 300N
Sitecom Wireless Router 300N X3 300N
SkystationCWR-GN150S
Sercomm Corp.Telmex Infinitum
Shaghal Ltd.ERACN300
Shenzhen Yichen (JCG) Technology Development Co., Ltd.JYR-N490
Skyworth Digital Technology.Mesh Router
Smartlinkunknown
TCL Communicationunknown
TechnicolorTD5137
TelewellTW-EAV510
TendaAC6, AC10, W6, W9, i21
TotolinkA300R
TRENDnet, Inc. TRENDnet Technology, Corp.TEW-651BR
TEW-637AP
TEW-638APB
TEW-831DR
UPVELUR-315BN
ZTEMF253V, MF910
ZyxelP-330W
X150N
NBG-2105
NBG-416N AP Router
NBG-418N AP Router
WAP6804

修复建议

官方已发布安全补丁:

CVE-2021-35392/CVE-2021-35393/CVE-2021-35394
20210622_sdk_3.2.3_wsc_binary_and_mp_daemon_patch.tar.gz
20210622_sdk_3.4.11E_wsc_binary_and_mp_daemon_patch.tar.gz
20210705_sdk-v3.4t_pre5_wsc_binary_and_mp_daemon_patch.tar.gz
20210622_sdk-v3.4t_pre7_wsc-upnp-mp.tgz
20210701_ecosV1.5.3_patch_for_fixing_vulnerabiits.tar.gz

CVE-2021-35395
20210608_release_v3.2.3_patch_for_fix_buffer_overflow_of_boa.tar.gz
20210608_release_v3.4.11_patch_for_fix_buffer_overflow_of_boa.tar.gz
20210608_release_v3.4T-CT_patch_for_fix_buffer_overflow_of_boa.tar.gz
20210701_ecosV1.5.3_patch_for_fixing_vulnerabiits.tar.gz

参考

[1] https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf

[2] https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/

[3] https://mp.weixin.qq.com/s/Un6tVAMZgO3sP0cEQN0Hhg


白帽汇从事信息安全,专注于安全大数据、企业威胁情报。

公司产品:FOFA-网络空间安全搜索引擎、FOEYE-网络空间检索系统、NOSEC-安全讯息平台。

为您提供:网络空间测绘、企业资产收集、企业威胁情报、应急响应服务。

最新评论

王森  :  这安全补丁到底在哪里下载啊
770天前 回复
昵称
邮箱
提交评论