Models from D-Link and Trendnet are vulnerable

Apr 29, 2015 10:50 GMT

A vulnerability present in version 1.3 of the RealTek SDK (software development kit), which is used in the development of broadband routers from D-Link and Trendnet, can be exploited by an attacker to execute arbitrary code on the device.

Although only the products of the aforementioned manufacturers have been found to be vulnerable, the list may be longer, as the RealTek SDK is used in the firmware production of wireless and gateway controllers.

Attacker could get root privileges

The flaw was reported on August 13, 2014, to HP’s Zero Day Initiative by security researcher Ricky Lawshae, who found that D-Link and Trendnet products were affected. The vendor was informed of the flaw repeatedly, but at the moment a patch has yet to be released.

The flaw resides in the “MiniIGD” component, part of the SOAP (Simple Object Access Protocol) service, which handles the communication between web services.

“The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges,” an advisory from ZDI informs.
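As an added illustration (not code from the RealTek SDK, MiniIGD or the ZDI advisory), the following C example shows the kind of input handling whose absence the advisory describes: the NewInternalClient value is accepted only as a canonical IPv4 address and is then passed as a separate argument rather than pasted into a shell command line. The function names, the `FORWARD_HELPER` path and the accompanying port field are hypothetical, and the example assumes the field is meant to carry an IPv4 address.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define FORWARD_HELPER "/usr/sbin/forward-helper" /* placeholder path (assumption) */

/* Accept NewInternalClient only as a canonical dotted-quad IPv4 address. */
int internal_client_is_valid(const char *value)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];

    if (value == NULL || strlen(value) >= INET_ADDRSTRLEN)
        return 0;
    if (inet_pton(AF_INET, value, &addr) != 1)  /* rejects trailing bytes, bad octets */
        return 0;
    if (inet_ntop(AF_INET, &addr, canon, sizeof canon) == NULL)
        return 0;
    return strcmp(canon, value) == 0;           /* rejects non-canonical spellings */
}

/*
 * Build an argument vector for a hypothetical forwarding helper. The vector
 * is meant for execv(), so no shell ever interprets the request fields.
 * Returns 0 on success, -1 if either field fails validation.
 */
int build_forward_argv(const char *client, int port,
                       char portbuf[6], const char *argv[4])
{
    if (!internal_client_is_valid(client) || port < 1 || port > 65535)
        return -1;
    snprintf(portbuf, 6, "%d", port);
    argv[0] = FORWARD_HELPER;
    argv[1] = client;
    argv[2] = portbuf;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real request. */
    const char *samples[] = { "192.168.1.10", "192.168.1.10; echo x", "192.168.001.010" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i],
               internal_client_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```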

Patch availability likely not to correct the issue on many products

The risk can be mitigated by limiting interaction with the service to trusted clients only. This can be achieved by implementing firewall rules or by creating whitelists of the machines that are allowed to communicate with it.

Security researcher Stefan Viehböck said in a tweet that MiniIGD appears to be a fork of an old version of MiniUPnP. Some researchers suggest turning off the Universal Plug and Play (UPnP) service, which is used for discovering clients in a local network. On some devices, UPnP can also be accessed from the Internet, thus enabling a remote attack.

It is worth noting that, even if RealTek comes up with a patch for the problem, it would not be implemented on all affected devices since many of them are no longer supported by their manufacturers.