Sequretek Advisory - Realtek SDK Vulnerability: CVE-2022-27255

A serious vulnerability in SIP application layer gateway (ALG), identified as CVE-2022- 27255, has been found in Realtek's Software Development Kit (SDK) that exposes the networking devices of many vendors to remote.

• Researchers at Faraday Security, an Argentina-based cybersecurity firm, have been credited by Realtek for discovering the vulnerability, CVE-2022-27255, which is a stackbased buffer overflow.

• With a high severity score of 9.8 out of 10, it enables remote attackers to cause a crash or achieve arbitrary code execution on devices that use the Realtek’s software development kit (SDK).

• The vulnerability affects many devices built around the RTL819x System on a Chip (SoC). Realtek released a patch in March 2022, however device OEMs need to release updated firmware.

• There is no simple way to identify affected devices and an exploit is available and difficult to block for many affected devices.

• Home/SMB routers are the most likely target.

Sign Up Here for Download