1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Flaw in Realtek SDK for wireless chipsets exposes routers to hacking

Discussion in 'CSO' started by RSS, Apr 29, 2015.

  1. RSS

    RSS New Member Member

    The software that controls wireless networking chipsets made by Realtek Semiconductor contains a critical vulnerability that could allow attackers to compromise home routers.

    The flaw exists in a firmware component called miniigd that's present in router models based on Realtek chipsets. The component is part of the software development kit (SDK) for RTL81xxx chipsets that Realtek provides to router manufacturers.

    The vulnerability was discovered by Ricky Lawshae, a researcher with Hewlett-Packard's TippingPoint Digital Vaccine Labs (DVLabs) which runs the well-known Zero-Day Initiative (ZDI) bug bounty program.

    MORE ON CSO:Mobile Security Survival Guide

    "An attacker could leverage this vulnerability to execute code with root privileges," the ZDI team said in an advisory published Friday. Exploitation does not require authentication, it said.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page