"Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDKs"
Numerous Internet of Things (IoT) Systems may be exposed to remote hacker attacks because of vulnerabilities discovered in Software Development Kits (SDKs) provided by the Taiwan-based semiconductor company Realtek to device manufacturers. Researchers at the firmware security company IoT Inspector found over a dozen security flaws in SDKs provided by Realtek to companies that use its RTL8xxx chips. The exploitation of these flaws can result in a Denial-of-Service (DoS) condition and allow for command injection. Some of them can be used by remote hackers to take over a targeted device without the need for authentication. According to IoT Inspector, there are almost 200 distinct types of impacted devices from a total of 65 different vendors. Affected devices include IP cameras, routers, residential gateways, toys, and Wi-Fi repeaters. The list of manufacturers and vendors impacted by the vulnerabilities includes Zyxel, Netgear, Logitech, Huawei, D-Link, Belkin, and ASUS. The security firm pointed out that if the impacted vendors sold about 5,000 devices of each affected model, then the vulnerabilities would expose nearly one million systems to remote attacks. The vulnerabilities, tracked as CVE-2021-35392 through CVE-2021-35395, have been assigned critical and high severity ratings. This discovery showcases the broad implications of an obscure IoT supply chain. This article continues to discuss the potential exploitation and impact of the flaws found in Realtek SDKs.