65 Manufacturers Affected by Critical Security Flaws in Realtek Chipsets

 

Cybersecurity experts have unearthed critical security flaws in Realtek chips that affect more than 65 hardware vendors and several wireless devices. According to security analysts at German security firm IoT Inspector, the flaws could affect almost 200 IoT product lines and hundreds of thousands of devices.

“Our security researchers have discovered and analyzed this vulnerability, which affects hundreds of thousands of devices. We notified Realtek, and they immediately responded and provided an appropriate patch. Manufacturers using vulnerable Wi-Fi modules are strongly encouraged to check their devices and provide security patches to their users,” said Florian Lukavsky, managing director of IoT Inspector.

Several well-known manufacturers, including AsusTEK, Belkin, D-Link, Edimax, Hama, Logitec, and Netgear, are affected by the flaws discovered in Realtek chipsets. Realtek chipsets are used in residential gateways, travel routers, Wi-Fi repeaters, IP cameras, smart lighting gateways, and many more devices.

Researchers discovered four vulnerabilities within the Realtek RTL819xD chip: CVE-2021-35392 (CVSS score: 8.1), CVE-2021-35393 (CVSS score: 8.1), CVE-2021-35394 (CVSS score: 9.8), and CVE-2021-35395 (CVSS score: 9.8). These flaws allow threat actors to gain root access to the host device, its operating system, and potentially other devices on the network.

Typically, for an exploit to be successful, an attacker must be on the same Wi-Fi network. However, incorrect ISP configurations also expose many susceptible devices directly to the Internet. 

“There is currently far too little security awareness for devices in these categories – neither among users nor among manufacturers, who blindly rely on components from other manufacturers in their supply chain without testing them. As a result, these components or products become an unpredictable risk,” warns Lukavsky. 

According to the latest study by research and advisory firm Forrester, only 38 percent of corporate security decision-makers worldwide have adequate policies and tools to properly handle IoT devices. Security experts have urged the developers to implement guidelines for IoT supply chain security. 

“We find new security vulnerabilities every day, most of which are directly mandated by manufacturers. The IT security mindset needs to include all devices connected to networks, regular audits, and patches. Sometimes, a patch is itself the source of a new vulnerability. Few affected companies respond as quickly and thoroughly as Realtek. However, manufacturers are now also required to patch vulnerable Realtek components in their devices, while users are urged to check their devices and update them if necessary,” Lukavsky concluded.