Realtek SDK exposes systems to SIP bug


Third party updates a huge issue.

A bug in a Realtek software development kit (SDK) means any third-party device whose software uses the SDK could inherit a vulnerability in its Session Initiation Protocol (SIP) implementation.

While patched by Realtek back in March, third parties may not yet have rolled out their own patches. 

Disclosed on Friday in a Defcon talk by Faraday Security’s Octavio Galland and Octavio Gianatiempo, the bug could affect any equipment that uses Realtek's RTL819x SoCs.

“Devices using firmware built around the Realtek eCOS SDK before March 2022 are vulnerable; you are vulnerable even if you do not expose any admin interface functionality; attackers may use a single UDP packet to an arbitrary port to exploit the vulnerability; and this vulnerability will likely affect routers the most, but some IoT devices built around Realtek's SDK may also be affected,” SANS Institute’s Johannes Ullrich summarised.

The CVE ticket adds: “In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP [Session Description Protocol] data has a stack-based buffer overflow.

“This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.”

The crafted packet could be as simple as ‘m=audio 49170’ followed by the letter ‘a’ repeated 256 times, the researchers explained in their Defcon paper.

The resulting crash left the attackers with root access to their target device, a Nexxt Nebula 300 Plus wireless router, via telnet.

Ullrich advises sysadmins to make sure their firmware is up-to-date, in case their vendor has released a fix.

For mitigation, he suggests blocking UDP requests at the perimeter. He warned: “This isn’t easy, and you must be careful not to block anything critical”.

However, Ullrich wrote, only unsolicited inbound traffic need be blocked.

“Protocols like gaming and some VoIP systems may give you a more difficult time with rules like this.

“For VoIP, you may be able to allowlist your VoIP provider.”
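Alongside perimeter blocking, inbound UDP payloads can be screened for the kind of malformed SDP media line described above. The following is an added example, not code from the article, Realtek or the researchers; the function name, the 128-byte ceiling and the sample payloads are assumptions constructed for illustration. It checks every `m=` line against the RFC 4566 shape and a length limit, and takes only the payload, because the advisory notes the packet can arrive on an arbitrary port.

```python
import re

# RFC 4566 media line: m=<media> <port>[/<count>] <proto> <fmt> [<fmt> ...]
TOKEN = rb"[\x21-\x7e]+"  # printable ASCII, no spaces
MEDIA_LINE = re.compile(
    rb"^m=" + TOKEN + rb" \d{1,5}(?:/\d{1,5})? " + TOKEN + rb"(?: " + TOKEN + rb")+$"
)
MAX_MEDIA_LINE = 128  # assumed ceiling; tune to the longest m= line in your own traffic


def suspicious_media_lines(payload: bytes) -> list[tuple[bytes, str]]:
    """Return (line, reason) for each SDP m= line in a UDP payload that looks malformed."""
    findings = []
    for raw in payload.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"m="):
            continue
        if len(line) > MAX_MEDIA_LINE:
            findings.append((line, "overlong"))      # far longer than any normal media line
        elif not MEDIA_LINE.match(line):
            findings.append((line, "bad-grammar"))   # missing transport or format fields
    return findings


# Constructed sample payloads (not captured traffic).
BENIGN = (
    b"INVITE sip:bob@example.test SIP/2.0\r\n"
    b"Content-Type: application/sdp\r\n\r\n"
    b"v=0\r\nc=IN IP4 192.0.2.10\r\n"
    b"m=audio 49170 RTP/AVP 0 8\r\n"
)
OVERLONG = b"v=0\r\nm=audio 49170 " + b"A" * 300 + b"\r\n"
TRUNCATED = b"v=0\r\nm=audio 49170\r\n"

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("overlong", OVERLONG), ("truncated", TRUNCATED)]:
        reasons = [reason for _, reason in suspicious_media_lines(pkt)]
        print(f"{name}: {reasons or 'ok'}")
```

A hit is a reason to drop or log the datagram, not proof of an exploit attempt; legitimate SDP with many codecs can be long, so set the ceiling from observed traffic.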

Copyright © iTnews.com.au . All rights reserved.